The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
References
Link | Resource |
---|---|
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345 | |
https://github.com/openssl/openssl/issues/18625 | Exploit Issue Tracking Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220715-0010/ | Third Party Advisory |
https://www.openssl.org/news/secadv/20220705.txt | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
07 Nov 2023, 03:46
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Oct 2022, 02:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h500s
Netapp h700s Netapp h300s Netapp h410c Netapp h410c Firmware Netapp snapcenter Netapp Netapp h410s Firmware Netapp h300s Firmware Netapp h700s Firmware Netapp h410s Netapp h500s Firmware |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220715-0010/ - Third Party Advisory | |
CPE | cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
15 Jul 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jul 2022, 17:05
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345 - Mailing List, Patch, Vendor Advisory | |
References | (CONFIRM) https://www.openssl.org/news/secadv/20220705.txt - Vendor Advisory | |
References | (CONFIRM) https://github.com/openssl/openssl/issues/18625 - Exploit, Issue Tracking, Third Party Advisory | |
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
First Time |
Openssl
Openssl openssl |
|
CPE | cpe:2.3:a:openssl:openssl:3.0.4:*:*:*:*:*:*:* |
05 Jul 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jul 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-01 08:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-2274
Mitre link : CVE-2022-2274
CVE.ORG link : CVE-2022-2274
JSON object : View
Products Affected
netapp
- h700s_firmware
- h700s
- h300s_firmware
- h410c
- h410s
- h500s_firmware
- h410s_firmware
- h500s
- snapcenter
- h410c_firmware
- h300s
openssl
- openssl
CWE
CWE-787
Out-of-bounds Write