7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.9%
The BN_mod_sqrt() function, which computes a modular square root, contains
a bug that can cause it to loop forever for non-prime moduli. Internally
this function is used when parsing certificates that contain elliptic curve
public keys in compressed form or explicit elliptic curve parameters with a
base point encoded in compressed form. It is possible to trigger the
infinite loop by crafting a certificate that has invalid explicit curve
parameters. Since certificate parsing happens prior to verification of the
certificate signature, any process that parses an externally supplied
certificate may thus be subject to a denial of service attack. The infinite
loop can also be reached when parsing crafted private keys as they can
contain explicit elliptic curve parameters. Thus vulnerable situations
include: - TLS clients consuming server certificates - TLS servers
consuming client certificates - Hosting providers taking certificates or
private keys from customers - Certificate authorities parsing certification
requests from subscribers - Anything else which parses ASN.1 elliptic curve
parameters Also any other applications that use the BN_mod_sqrt() where the
attacker can control the parameter values are vulnerable to this DoS issue.
In the OpenSSL 1.0.2 version the public key is not parsed during initial
parsing of the certificate which makes it slightly harder to trigger the
infinite loop. However any operation which requires the public key from the
certificate will trigger the infinite loop. In particular the attacker can
use a self-signed certificate to trigger the loop during verification of
the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1
and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th
March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL
1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected
1.0.2-1.0.2zc).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | edk2 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | edk2 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | edk2 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | edk2 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | nodejs | < 12.22.9~dfsg-1ubuntu3.1 | UNKNOWN |
ubuntu | 18.04 | noarch | openssl | < 1.1.1-1ubuntu2.1~18.04.15 | UNKNOWN |
ubuntu | 20.04 | noarch | openssl | < 1.1.1f-1ubuntu2.12 | UNKNOWN |
ubuntu | 21.10 | noarch | openssl | < 1.1.1l-1ubuntu1.2 | UNKNOWN |
ubuntu | 22.04 | noarch | openssl | < 3.0.2-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | openssl | < 3.0.2-0ubuntu1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2022-0778
nvd.nist.gov/vuln/detail/CVE-2022-0778
security-tracker.debian.org/tracker/CVE-2022-0778
ubuntu.com/security/notices/USN-5328-1
ubuntu.com/security/notices/USN-5328-2
ubuntu.com/security/notices/USN-6457-1
www.cve.org/CVERecord?id=CVE-2022-0778
www.openssl.org/news/secadv/20220315.txt
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.9%