153 matches found
JLSEC-2026-227 openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
MiracleLinux 8 : compat-openssl10-1.0.2o-4.el8 (AXSA:2022-3803:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3803:01 advisory. compat-openssl10: Infinite loop in BN_mod_sqrt reachable when parsing certificates CVE-2022-0778 CVEs: CVE-2022-0778 Tenable has extracted the preceding...
BIT-MARIADB-MIN-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates
The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
CBL Mariner 2.0 Security Update: edk2 / openssl (CVE-2022-0778)
The version of edk2 / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-0778 advisory. - The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loo...
Fortinet FortiClient in OpenSSL library (FG-IR-22-059)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. - The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for...
Fortinet Fortigate in OpenSSL library (FG-IR-22-059)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-059 advisory. - The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prim...
Siemens SCALANCE, SIMATIC and RUGGEDCOM Products Command Injection (CVE-2022-0778)
The BN_mod_sqrt function in OpenSSL, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve paramete...
BIT-MYSQL-CLIENT-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates
The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
BIT-MARIADB-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates
The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
CentOS 9 : compat-openssl11-1.1.1k-4.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the compat-openssl11-1.1.1k-4.el9 build changelog. - Infinite loop in BN_mod_sqrt reachable when parsing certificates CVE-2022-0778 Note that Nessus has not tested for this issue but has...
Rocky Linux 9 : compat-openssl11 (RLSA-2022:4899)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4899 advisory. - The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function i...
Rocky Linux 8 : compat-openssl10 (RLSA-2022:5326)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5326 advisory. - The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function i...
Ubuntu 22.04 LTS : Node.js vulnerabilities (USN-6457-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6457-1 advisory. Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...
ABB RTU500 Series Infinite Loop in embedded OpenSSL (CVE-2022-0778)
A vulnerability exists in the OpenSSL version 1.0.2 that affects the RTU500 Series product versions listed below. RTU500 series CMU Firmware versions 12.0.1 – 12.0.14 12.2.1 – 12.2.11 12.4.1 – 12.4.11 12.6.1 – 12.6.8 12.7.1 – 12.7.5 13.2.1 – 13.2.5 13.3.1 – 13.3.3 13.4.1 The BNmodsq...
Juniper Junos OS Multiple Vulnerabilities (JSA70186)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA70186 advisory. - The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is...
Hitachi Energy's RTU500 Series Product (UPDATE B)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, Classic Buffer Overflow 2. RISK EVALUATION...
Important: openssl
Issue Overview: The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve...
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-051)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-051 advisory. The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates...
Amazon Linux 2023 : mariadb105, mariadb105-backup, mariadb105-common (ALAS2023-2023-037)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-037 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability...
K31323265: OpenSSL vulnerability CVE-2022-0778
Security Advisory Description The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit...