CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption

🗓️ 11 Oct 2022 15:00:14Reported by opensslType

CVE-2022-3358: Custom Cipher NULL Encryptio

Reporter	Title	Published	Views	Family All 86
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities	25 Jul 202313:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-3358]	26 Sep 202414:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX	24 Jan 202316:12	–	ibm
FreeBSD	OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher	11 Oct 202200:00	–	freebsd
ATTACKERKB	CVE-2022-3358	29 Sep 202200:00	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-054)	21 Mar 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : openssl (ALSA-2023:2523)	14 May 202300:00	–	nessus
Tenable Nessus	FreeBSD : OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher (7392e1e3-4eb9-11ed-856e-d4c9ef517024)	18 Oct 202200:00	–	nessus
Tenable Nessus	GLSA-202402-08 : OpenSSL: Multiple Vulnerabilities	4 Feb 202400:00	–	nessus
Tenable Nessus	MiracleLinux 9 : openssl-3.0.7-6.el9 (AXSA:2023-5373:04)	20 Jan 202600:00	–	nessus

[
  {
    "vendor": "OpenSSL",
    "product": "OpenSSL",
    "versions": [
      {
        "version": "Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5)",
        "status": "affected"
      }
    ]
  }
]

Source	Link
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
openssl	www.openssl.org/news/secadv/20221011.txt
git	www.git.openssl.org/gitweb/
security	www.security.gentoo.org/glsa/202402-08
security	www.security.netapp.com/advisory/ntap-20221028-0014/

04 Feb 2024 09:06Current

7.6High risk

Vulners AI Score7.6

EPSS0.19455