
7 matches found

OSV
added 2026/04/27 6:33 p.m. | 4 views

JLSEC-2026-228 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection....

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...

9.8 CVSS | 6.9 AI score | 0.83583 EPSS
Exploits: 5 | References: 26
OSV
added 2024/09/18 12:38 a.m. | 1 view

USN-7018-1 openssl vulnerabilities

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...

10 CVSS | 7 AI score | 0.95764 EPSS
Exploits: 6 | References: 7
RedHat Linux
added 2022/12/08 1:21 p.m. | 3 views

openssl: c_rehash script allows command injection

A flaw was found in OpenSSL. The c_rehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...

10 CVSS | 7.1 AI score | 0.83583 EPSS
Exploits: 5 | References: 5
RedHat Linux
added 2022/08/03 12:50 p.m. | 4 views

openssl: the c_rehash script allows command injection

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically...

10 CVSS | 7 AI score | 0.95764 EPSS
Exploits: 6 | References: 5
OSV
added 2022/07/14 4:39 p.m. | 4 views

CLSA-2022-1657816793 Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068

- CVE-2022-1292: c_rehash: Do not use shell to invoke openssl to prevent command injection
- CVE-2022-2068: c_rehash: Fix file operations to prevent command injection
- Update expired SCT certificates...

10 CVSS | 6.8 AI score | 0.95764 EPSS
Exploits: 6 | References: 1
CNNVD
added 2022/06/21 12:0 a.m. | 1 view

OpenSSL operating system command injection vulnerability

OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash...

10 CVSS | 7.9 AI score | 0.95764 EPSS
Exploits: 1 | References: 58
Positive Technologies
added 2022/04/02 12:0 a.m. | 3 views

PT-2022-2691

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2zd; OpenSSL versions 1.1.1 through 1.1.1n; OpenSSL versions 3.0.0 through 3.0.2. Description: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is...

10 CVSS | 8.7 AI score | 0.95764 EPSS
Exploits: 14 | References: 176