CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When CVE-2022-1292 was fixed, it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
OS Command Injection
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| openssl | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score Percentile: 98%
| Vendor | Product | Version |
|---|---|---|
| openssl | openssl | 1.0.2 ≤ 𝑥 < 1.0.2zf |
| openssl | openssl | 1.1.1 ≤ 𝑥 < 1.1.1p |
| openssl | openssl | 3.0.0 ≤ 𝑥 < 3.0.4 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| siemens | sinec_ins | 𝑥 < 1.0 |
| siemens | sinec_ins | 1.0 |
| siemens | sinec_ins | 1.0:sp1 |
| siemens | sinec_ins | 1.0:sp2 |
| netapp | element_software | - |
| netapp | hci_management_node | - |
| netapp | ontap_antivirus_connector | - |
| netapp | ontap_select_deploy_administration_utility | - |
| netapp | santricity_smi-s_provider | - |
| netapp | smi-s_provider | - |
| netapp | snapmanager | - |
| netapp | solidfire | - |
| netapp | bootstrap_os | - |
| netapp | h615c_firmware | - |
| netapp | h610s_firmware | - |
| netapp | h610c_firmware | - |
| netapp | h410c_firmware | - |
| netapp | h300s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h410s_firmware | - |
| netapp | fas_8300_firmware | - |
| netapp | fas_8700_firmware | - |
| netapp | fas_a400_firmware | - |
| netapp | aff_8300_firmware | - |
| netapp | aff_8700_firmware | - |
| netapp | aff_a400_firmware | - |
| broadcom | sannav | - |

𝑥 = Vulnerable software versions
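Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| openssl | bullseye | 1.1.1w-0+deb11u1 | fixed |
| openssl | bullseye (security) | 1.1.1w-0+deb11u2 | fixed |
| openssl | bookworm | 3.0.14-1~deb12u1 | fixed |
| openssl | bookworm (security) | 3.0.14-1~deb12u2 | fixed |
| openssl | sid | 3.3.2-2 | fixed |
| openssl | trixie | 3.3.2-2 | fixed |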
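Ubuntu Releases

| Ubuntu Product | Codename | Fixed version | Status |
|---|---|---|---|
| edk2 | noble | | not-affected |
| edk2 | mantic | | not-affected |
| edk2 | lunar | | not-affected |
| edk2 | kinetic | | not-affected |
| edk2 | jammy | | not-affected |
| edk2 | impish | | not-affected |
| edk2 | focal | | not-affected |
| edk2 | bionic | | not-affected |
| edk2 | xenial | | needs-triage |
| edk2 | trusty | | dne |
| nodejs | noble | | not-affected |
| nodejs | mantic | | not-affected |
| nodejs | lunar | | not-affected |
| nodejs | kinetic | | not-affected |
| nodejs | jammy | Fixed 12.22.9~dfsg-1ubuntu3.1 | released |
| nodejs | impish | | not-affected |
| nodejs | focal | | not-affected |
| nodejs | bionic | | not-affected |
| nodejs | xenial | | not-affected |
| nodejs | trusty | | not-affected |
| openssl | noble | | not-affected |
| openssl | mantic | | not-affected |
| openssl | lunar | | not-affected |
| openssl | kinetic | | not-affected |
| openssl | jammy | Fixed 3.0.2-0ubuntu1.5 | released |
| openssl | impish | Fixed 1.1.1l-1ubuntu1.5 | released |
| openssl | focal | Fixed 1.1.1f-1ubuntu2.15 | released |
| openssl | bionic | Fixed 1.1.1-1ubuntu2.1~18.04.19 | released |
| openssl | xenial | Fixed 1.0.2g-1ubuntu4.20+esm5 | released |
| openssl | trusty | Fixed 1.0.1f-1ubuntu2.27+esm10 | released |
| openssl1.0 | noble | | dne |
| openssl1.0 | mantic | | dne |
| openssl1.0 | lunar | | dne |
| openssl1.0 | kinetic | | dne |
| openssl1.0 | jammy | | dne |
| openssl1.0 | impish | | dne |
| openssl1.0 | focal | | dne |
| openssl1.0 | bionic | Fixed 1.0.2n-1ubuntu5.10 | released |
| openssl1.0 | xenial | | dne |
| openssl1.0 | trusty | | dne |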
References