CVE-2022-2274
Description
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openssl-srccrates.io | >= 300.0.8, < 300.0.9 | 300.0.9 |
Affected products
4- ghsa-coords3 versionspkg:cargo/openssl-srcpkg:rpm/opensuse/openssh&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/openssl-3&distro=openSUSE%20Tumbleweed
>= 300.0.8, < 300.0.9+ 2 more
- (no CPE)range: >= 300.0.8, < 300.0.9
- (no CPE)range: < 9.3p1-1.1
- (no CPE)range: < 3.0.5-1.1
- Range: Affects OpenSSL 3.0.4
Patches
Vulnerability mechanics
References
9- github.com/openssl/openssl/issues/18625nvdExploitIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-735f-pg76-fxc4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-2274ghsaADVISORY
- security.netapp.com/advisory/ntap-20220715-0010/nvdThird Party Advisory
- www.openssl.org/news/secadv/20220705.txtnvdVendor AdvisoryWEB
- git.openssl.org/gitweb/ghsaWEB
- rustsec.org/advisories/RUSTSEC-2022-0033.htmlghsaWEB
- security.netapp.com/advisory/ntap-20220715-0010ghsaWEB
- git.openssl.org/gitweb/nvd
News mentions
0No linked articles in our index yet.