rpm package
suse/openssl-1_0_0&distro=SUSE Linux Enterprise Module for Legacy 15 SP3
pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2068 | — | | | < 1.0.2p-150000.3.56.1 | 1.0.2p-150000.3.56.1 | Jun 21, 2022 | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not dis |
| CVE-2022-1292 | — | | | < 1.0.2p-150000.3.56.1 | 1.0.2p-150000.3.56.1 | May 3, 2022 | The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the |
| CVE-2022-0778 | High | 7.5 | | < 1.0.2p-3.49.1 | 1.0.2p-3.49.1 | Mar 15, 2022 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curv |
| CVE-2021-3712 | High | 7.4 | | < 1.0.2p-3.40.2 | 1.0.2p-3.40.2 | Aug 24, 2021 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated |