CVE-2022-1473

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
opensslCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
opensslopenssl
3.0.0 ≤
𝑥
< 3.0.3
netappactive_iq_unified_manager
-
netappclustered_data_ontap
-
netappclustered_data_ontap_antivirus_connector
-
netappsantricity_smi-s_provider
-
netappsmi-s_provider
-
netappsnapmanager
-
netappsolidfire\,_enterprise_sds_\&_hci_storage_node
-
netappsolidfire_\&_hci_management_node
-
netappa700s_firmware
-
netapph300s_firmware
-
netapph500s_firmware
-
netapph700s_firmware
-
netapph300e_firmware
-
netapph500e_firmware
-
netapph700e_firmware
-
netapph410s_firmware
-
netappaff_8300_firmware
-
netappfas_8300_firmware
-
netappaff_8700_firmware
-
netappfas_8700_firmware
-
netappaff_a400_firmware
-
netappfabric-attached_storage_a400_firmware
-
netappa250_firmware
-
netappaff_500f_firmware
-
netappfas_500f_firmware
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bullseye
1.1.1w-0+deb11u1
fixed
bullseye (security)
1.1.1w-0+deb11u2
fixed
bookworm
3.0.14-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
focal
not-affected
bionic
not-affected
xenial
needed
trusty
dne
nodejs
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
openssl
noble
Fixed 3.0.2-0ubuntu2
released
mantic
Fixed 3.0.2-0ubuntu2
released
lunar
Fixed 3.0.2-0ubuntu2
released
kinetic
Fixed 3.0.2-0ubuntu2
released
jammy
Fixed 3.0.2-0ubuntu1.1
released
impish
not-affected
focal
not-affected
bionic
not-affected
xenial
Fixed 1.0.2g-1ubuntu4.20+esm3
released
trusty
not-affected
openssl1.0
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
dne
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
https://security.gentoo.org/glsa/202210-02
https://security.netapp.com/advisory/ntap-20220602-0009/
https://www.openssl.org/news/secadv/20220503.txt
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
https://security.gentoo.org/glsa/202210-02
https://security.netapp.com/advisory/ntap-20220602-0009/
https://www.openssl.org/news/secadv/20220503.txt