CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
First published: Wed Mar 09 2022(Updated: )
A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack.
Credit: openssl-security@openssl.org CVE-2022-0778 CVE-2022-0778 CVE-2022-0778 openssl-security@openssl.org openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-91.el8 | 0:1.6.1-91.el8 |
| redhat/jbcs-httpd24-curl | <0:7.78.0-3.el8 | 0:7.78.0-3.el8 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-80.el8 | 0:2.4.37-80.el8 |
| redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-41.el8 | 0:1.39.2-41.el8 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1g-11.el8 | 1:1.1.1g-11.el8 |
| redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-11.el8 | 0:1.0.0-11.el8 |
| redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-26.el8 | 0:0.4.10-26.el8 |
| redhat/jbcs-httpd24-apr-util | <0:1.6.1-91.jbcs.el7 | 0:1.6.1-91.jbcs.el7 |
| redhat/jbcs-httpd24-curl | <0:7.78.0-3.jbcs.el7 | 0:7.78.0-3.jbcs.el7 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-80.jbcs.el7 | 0:2.4.37-80.jbcs.el7 |
| redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-41.jbcs.el7 | 0:1.39.2-41.jbcs.el7 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1g-11.jbcs.el7 | 1:1.1.1g-11.jbcs.el7 |
| redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-11.jbcs.el7 | 0:1.0.0-11.jbcs.el7 |
| redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-26.jbcs.el7 | 0:0.4.10-26.jbcs.el7 |
| redhat/openssl | <0:1.0.1e-60.el6_10 | 0:1.0.1e-60.el6_10 |
| redhat/openssl | <1:1.0.2k-25.el7_9 | 1:1.0.2k-25.el7_9 |
| redhat/openssl | <1:1.0.1e-62.el7_3 | 1:1.0.1e-62.el7_3 |
| redhat/openssl | <1:1.0.2k-10.el7_4 | 1:1.0.2k-10.el7_4 |
| redhat/openssl | <1:1.0.2k-18.el7_6 | 1:1.0.2k-18.el7_6 |
| redhat/openssl | <1:1.0.2k-21.el7_7 | 1:1.0.2k-21.el7_7 |
| redhat/compat-openssl10 | <1:1.0.2o-4.el8_6 | 1:1.0.2o-4.el8_6 |
| redhat/openssl | <1:1.1.1k-6.el8_5 | 1:1.1.1k-6.el8_5 |
| redhat/openssl | <1:1.1.1c-5.el8_1.1 | 1:1.1.1c-5.el8_1.1 |
| redhat/openssl | <1:1.1.1c-19.el8_2 | 1:1.1.1c-19.el8_2 |
| redhat/openssl | <1:1.1.1g-16.el8_4 | 1:1.1.1g-16.el8_4 |
| redhat/compat-openssl11 | <1:1.1.1k-4.el9_0 | 1:1.1.1k-4.el9_0 |
| redhat/jws5-tomcat | <0:9.0.50-5.redhat_00007.1.el7 | 0:9.0.50-5.redhat_00007.1.el7 |
| redhat/jws5-tomcat-native | <0:1.2.30-4.redhat_4.el7 | 0:1.2.30-4.redhat_4.el7 |
| redhat/jws5-tomcat | <0:9.0.50-5.redhat_00007.1.el8 | 0:9.0.50-5.redhat_00007.1.el8 |
| redhat/jws5-tomcat-native | <0:1.2.30-4.redhat_4.el8 | 0:1.2.30-4.redhat_4.el8 |
| redhat/redhat-virtualization-host | <0:4.3.22-20220330.1.el7_9 | 0:4.3.22-20220330.1.el7_9 |
| OpenSSL OpenSSL | >=1.0.2<1.0.2zd | |
| OpenSSL OpenSSL | >=1.1.0<1.1.1n | |
| OpenSSL OpenSSL | >=3.0.0<3.0.2 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Netapp Cloud Volumes Ontap Mediator | ||
| NetApp Clustered Data ONTAP | ||
| Netapp Clustered Data Ontap Antivirus Connector | ||
| Netapp Santricity Smi-s Provider | ||
| Netapp Storagegrid | ||
| Netapp A250 Firmware | ||
| Netapp A250 | ||
| Netapp 500f Firmware | ||
| Netapp 500f | ||
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =36 | |
| Tenable Nessus | <8.15.4 | |
| Tenable Nessus | >=10.0.0<10.1.2 | |
| Mariadb Mariadb | >=10.2.0<10.2.42 | |
| Mariadb Mariadb | >=10.3.0<10.3.33 | |
| Mariadb Mariadb | >=10.4.0<10.4.23 | |
| Mariadb Mariadb | >=10.5.0<10.5.14 | |
| Mariadb Mariadb | >=10.6.0<10.6.6 | |
| Mariadb Mariadb | >=10.7.0<10.7.2 | |
| Nodejs Node.js | >=12.0.0<=12.12.0 | |
| Nodejs Node.js | >=12.13.0<12.22.11 | |
| Nodejs Node.js | >14.0.0<=14.14.0 | |
| Nodejs Node.js | >=14.15.0<14.19.1 | |
| Nodejs Node.js | >16.0.0<=16.12.0 | |
| Nodejs Node.js | >=16.13.0<16.14.2 | |
| Nodejs Node.js | >17.0.0<17.7.2 | |
| Apple Catalina | ||
| redhat/openssl | <1.0.2 | 1.0.2 |
| redhat/openssl | <1.1.1 | 1.1.1 |
| redhat/openssl | <3.0.2 | 3.0.2 |
| ubuntu/nodejs | <12.22.9~dfsg-1ubuntu3.1 | 12.22.9~dfsg-1ubuntu3.1 |
| ubuntu/openssl | <1.1.1-1ubuntu2.1~18.04.15 | 1.1.1-1ubuntu2.1~18.04.15 |
| ubuntu/openssl | <1.1.1 | 1.1.1 |
| ubuntu/openssl | <1.1.1 | 1.1.1 |
| ubuntu/openssl | <3.0.2-0ubuntu1 | 3.0.2-0ubuntu1 |
| ubuntu/openssl | <3.0.2-0ubuntu1 | 3.0.2-0ubuntu1 |
| ubuntu/openssl | <3.0.2-0ubuntu1 | 3.0.2-0ubuntu1 |
| ubuntu/openssl | <3.0.2-0ubuntu1 | 3.0.2-0ubuntu1 |
| ubuntu/openssl | <3.0.2-0ubuntu1 | 3.0.2-0ubuntu1 |
| ubuntu/openssl | <1.0.1 | 1.0.1 |
| ubuntu/openssl | <1.1.1<3.0.2 | 1.1.1 3.0.2 |
| ubuntu/openssl | <1.0.2 | 1.0.2 |
| ubuntu/openssl1.0 | <1.0.2 | 1.0.2 |
| All of | ||
| Netapp A250 Firmware | ||
| Netapp A250 | ||
| All of | ||
| Netapp 500f Firmware | ||
| Netapp 500f | ||
| rust/openssl-src | <111.18.0 | 111.18.0 |
| rust/openssl-src | >=300.0.0<300.0.5 | 300.0.5 |
| debian/openssl | 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.13-1~deb12u1 3.0.11-1~deb12u2 3.2.2-1 | |
| IBM Engineering Requirements Quality Assistant On-Premises | <=All | |
| Apple macOS Big Sur | <11.6.6 | 11.6.6 |
| <12.4 | 12.4 |
Remedy
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 https://www.openssl.org/news/secadv/20220315.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=2062202
- https://access.redhat.com/errata/RHSA-2022:1389
- https://access.redhat.com/errata/RHSA-2022:4956
- https://access.redhat.com/errata/RHSA-2022:1073
- https://access.redhat.com/errata/RHSA-2022:1066
- https://access.redhat.com/errata/RHSA-2022:1082
- https://access.redhat.com/errata/RHSA-2022:1076
- https://access.redhat.com/errata/RHSA-2022:1078
- https://access.redhat.com/errata/RHSA-2022:1077
- https://access.redhat.com/errata/RHSA-2022:5326
- https://access.redhat.com/errata/RHSA-2022:1065
- https://access.redhat.com/errata/RHSA-2022:1112
- https://access.redhat.com/errata/RHSA-2022:1091
- https://access.redhat.com/errata/RHSA-2022:1071
- https://access.redhat.com/errata/RHSA-2022:4899
- https://access.redhat.com/errata/RHSA-2022:1390
- https://access.redhat.com/errata/RHSA-2022:1520
- https://access.redhat.com/errata/RHSA-2022:1519
- https://access.redhat.com/errata/RHSA-2022:1263
- https://access.redhat.com/errata/RHSA-2022:4896
- https://access.redhat.com/security/cve/cve-2022-0778
- http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
- https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
- https://security.gentoo.org/glsa/202210-02
- https://security.netapp.com/advisory/ntap-20220321-0002/
- https://security.netapp.com/advisory/ntap-20220429-0005/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://www.debian.org/security/2022/dsa-5103
- https://www.openssl.org/news/secadv/20220315.txt
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.tenable.com/security/tns-2022-06
- https://www.tenable.com/security/tns-2022-07
- https://www.tenable.com/security/tns-2022-08
- https://www.tenable.com/security/tns-2022-09
- https://support.apple.com/en-us/HT213255 (Advisory)
- https://support.apple.com/en-us/HT213256 (Advisory)
- https://support.apple.com/en-us/HT213257 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2064917
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2064914
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2064911
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2064918
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2064913
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2064915
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2062202#c40
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2067222
- https://access.redhat.com/security/updates/backporting
- https://access.redhat.com/errata/RHSA-2022:1476
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2062202#c37
- https://access.redhat.com/security/cve/CVE-2022-2078
- https://access.redhat.com/security/cve/CVE-2022-0778
- https://ubuntu.com/security/notices/USN-5328-1
- https://ubuntu.com/security/notices/USN-5328-2
- https://ubuntu.com/security/notices/USN-6457-1
- https://www.cve.org/CVERecord?id=CVE-2022-0778
- https://nvd.nist.gov/vuln/detail/CVE-2022-0778
- https://launchpad.net/bugs/cve/CVE-2022-0778
- https://security-tracker.debian.org/tracker/CVE-2022-0778
- https://ubuntu.com/security/CVE-2022-0778
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://rustsec.org/advisories/RUSTSEC-2022-0014.html
- https://security.netapp.com/advisory/ntap-20220321-0002
- https://security.netapp.com/advisory/ntap-20220429-0005
- https://security.netapp.com/advisory/ntap-20240621-0006
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ
- https://github.com/advisories/GHSA-x3mh-jvjw-3xwx (Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/221911
- https://www.ibm.com/support/pages/node/6604005 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
- RHSA-2022:1389
- RHSA-2022:4956
- RHSA-2022:1073
- RHSA-2022:1066
- RHSA-2022:1082
- RHSA-2022:1076
- RHSA-2022:1078
- RHSA-2022:1077
- RHSA-2022:5326
- RHSA-2022:1065
- RHSA-2022:1112
- RHSA-2022:1091
- RHSA-2022:1071
- RHSA-2022:4899
- RHSA-2022:1390
- RHSA-2022:1520
- RHSA-2022:1519
- RHSA-2022:1263
- RHSA-2022:4896
- HT213255
- USN-5328-1
- USN-5328-2
- USN-6457-1
- IBM-6604005
- HT213256
- HT213257
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-44224
- CVE-2021-44790
- CVE-2022-22719
- CVE-2022-22720
- CVE-2022-22721
- CVE-2022-22665
- CVE-2022-22630
- CVE-2022-26751
- CVE-2022-26697
- CVE-2022-26698
- CVE-2022-22663
- CVE-2022-26721
- CVE-2022-26722
- CVE-2022-26763
- CVE-2022-22674
- CVE-2022-26720
- CVE-2022-26770
- CVE-2022-26756
- CVE-2022-26769
- CVE-2022-26748
- CVE-2022-26714
- CVE-2022-26757
- CVE-2022-32790
- CVE-2022-26775
- CVE-2022-0778
- CVE-2022-23308
- CVE-2022-32794
- CVE-2022-26727
- CVE-2022-26746
- CVE-2022-26766
- CVE-2022-26715
- CVE-2022-26728
- CVE-2022-26726
- CVE-2022-26755
- CVE-2022-22589
- CVE-2022-26761
- CVE-2022-0530
- CVE-2018-25032
- CVE-2021-45444
- CVE-2022-22675
- CVE-2022-26768
- CVE-2021-30946
- CVE-2022-26767
- CVE-2022-26706
- CVE-2022-32882
- CVE-2022-26776
- CVE-2022-26712
- CVE-2022-26731
- CVE-2022-26718
- CVE-2022-26723
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-26745
- CVE-2022-26772
- CVE-2022-26741
- CVE-2022-26742
- CVE-2022-26749
- CVE-2022-26750
- CVE-2022-26752
- CVE-2022-26753
- CVE-2022-26754
- CVE-2022-26707
- CVE-2022-26736
- CVE-2022-26737
- CVE-2022-26738
- CVE-2022-26739
- CVE-2022-26740
- CVE-2022-32783
- CVE-2022-26694
- CVE-2022-32781
- CVE-2022-26711
- CVE-2022-26725
- CVE-2022-26701
- CVE-2022-26758
- CVE-2022-26743
- CVE-2022-26764
- CVE-2022-26765
- CVE-2022-26708
- CVE-2022-48575
- CVE-2022-22617
- CVE-2022-32782
- CVE-2022-26693
- CVE-2022-26704
- CVE-2022-42857
- CVE-2022-26696
- CVE-2022-26700
- CVE-2022-26709
- CVE-2022-26710
- CVE-2022-26717
- CVE-2022-26716
- CVE-2022-26719
- CVE-2022-22677
- CVE-2022-26762
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-0778.
What is the severity of CVE-2022-0778?
The severity of CVE-2022-0778 is high.
How does the vulnerability CVE-2022-0778 affect OpenSSL?
The vulnerability CVE-2022-0778 affects OpenSSL by causing the BN_mod_sqrt() function to loop forever for non-prime moduli.
Which software versions are affected by CVE-2022-0778?
The software versions affected by CVE-2022-0778 are OpenSSL 1.0.2 up to exclusive and OpenSSL 1.1.1 up to exclusive.
How can I fix the vulnerability CVE-2022-0778?
To fix the vulnerability CVE-2022-0778, update OpenSSL to a version that includes the fix.
- collector/redhat-cve
- collector/nvd-index
- collector/apple-support
- agent/type
- agent/first-publish-date
- agent/severity
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-0778
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/title
- collector/nvd-api
- source/NVD
- agent/author
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-x3mh-jvjw-3xwx
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- collector/github-advisory
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- agent/references
- source/Apple
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- package-manager/redhat
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/1.0.2
- version/openssl openssl/1.1.0
- version/openssl openssl/3.0.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/netapp
- canonical/netapp cloud volumes ontap mediator
- canonical/netapp clustered data ontap
- canonical/netapp clustered data ontap antivirus connector
- canonical/netapp santricity smi-s provider
- canonical/netapp storagegrid
- canonical/netapp a250 firmware
- canonical/netapp a250
- canonical/netapp 500f firmware
- canonical/netapp 500f
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/36
- vendor/tenable
- canonical/tenable nessus
- version/tenable nessus/10.0.0
- vendor/mariadb
- canonical/mariadb mariadb
- version/mariadb mariadb/10.2.0
- version/mariadb mariadb/10.3.0
- version/mariadb mariadb/10.4.0
- version/mariadb mariadb/10.5.0
- version/mariadb mariadb/10.6.0
- version/mariadb mariadb/10.7.0
- vendor/nodejs
- canonical/nodejs node.js
- version/nodejs node.js/12.0.0
- version/nodejs node.js/12.12.0
- version/nodejs node.js/12.13.0
- version/nodejs node.js/14.14.0
- version/nodejs node.js/14.15.0
- version/nodejs node.js/16.12.0
- version/nodejs node.js/16.13.0
- vendor/apple
- canonical/apple catalina
- package-manager/ubuntu
- package-manager/rust
- package-manager/debian
- vendor/ibm
- canonical/ibm engineering requirements quality assistant on-premises
- version/ibm engineering requirements quality assistant on-premises/all
- canonical/apple macos big sur
- canonical/apple macos monterey