First published: Tue May 03 2022(Updated: )
A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously to trigger this vulnerability, resulting in a loss of application availability.
Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org
Affected Software | Affected Version | How to fix |
---|---|---|
rust/openssl-src | >=300.0.0<300.0.6 | 300.0.6 |
redhat/openssl | <1:3.0.1-41.el9_0 | 1:3.0.1-41.el9_0 |
redhat/openssl | <3.0.3 | 3.0.3 |
debian/openssl | 1.1.1w-0+deb11u1 1.1.1w-0+deb11u2 3.0.15-1~deb12u1 3.0.14-1~deb12u2 3.4.1-1 | |
OpenSSL | >=3.0.0<3.0.3 | |
NetApp Active IQ Unified Manager | ||
IBM Data ONTAP | ||
NetApp ONTAP Antivirus Connector | ||
NetApp SANtricity SMI-S Provider Firmware | ||
NetApp SMI-S Provider | ||
NetApp SnapManager for Hyper-V | ||
NetApp SolidFire Enterprise SDS | ||
NetApp SolidFire & HCI Management Node | ||
All of | ||
NetApp AFF A700s Firmware | ||
NetApp A700 | ||
All of | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
All of | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700S | ||
NetApp H700S | ||
All of | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
All of | ||
NetApp H500S Firmware | ||
NetApp H500e Firmware | ||
All of | ||
NetApp H700E | ||
NetApp H700E | ||
All of | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
All of | ||
NetApp AFF 8300 Firmware | ||
NetApp AFF 8300 | ||
All of | ||
NetApp FAS8300 | ||
NetApp FAS8300 | ||
All of | ||
NetApp AFF 8700 | ||
NetApp AFF 8700 | ||
All of | ||
NetApp FAS8700 Firmware | ||
NetApp FAS8700 | ||
All of | ||
NetApp AFF A400 | ||
NetApp AFF A400 | ||
All of | ||
NetApp Fabric-Attached Storage A400 Firmware | ||
NetApp Fabric-Attached Storage A400 Firmware | ||
All of | ||
NetApp A250 | ||
NetApp | ||
All of | ||
NetApp FAS 500F Firmware | ||
NetApp AFF 500F Firmware | ||
All of | ||
NetApp FAS500F Firmware | ||
NetApp FAS500F Firmware | ||
NetApp AFF A700s Firmware | ||
NetApp A700 | ||
NetApp H300S Firmware | ||
NetApp H300S Firmware | ||
NetApp H500e Firmware | ||
NetApp H500e Firmware | ||
NetApp H700S | ||
NetApp H700S | ||
NetApp H300E | ||
NetApp H300E Firmware | ||
NetApp H500S Firmware | ||
NetApp H500e Firmware | ||
NetApp H700E | ||
NetApp H700E | ||
NetApp H410S | ||
NetApp H410S Firmware | ||
NetApp AFF 8300 Firmware | ||
NetApp AFF 8300 | ||
NetApp FAS8300 | ||
NetApp FAS8300 | ||
NetApp AFF 8700 | ||
NetApp AFF 8700 | ||
NetApp FAS8700 Firmware | ||
NetApp FAS8700 | ||
NetApp AFF A400 | ||
NetApp AFF A400 | ||
NetApp Fabric-Attached Storage A400 Firmware | ||
NetApp Fabric-Attached Storage A400 Firmware | ||
NetApp A250 | ||
NetApp | ||
NetApp FAS 500F Firmware | ||
NetApp AFF 500F Firmware | ||
NetApp FAS500F Firmware | ||
NetApp FAS500F Firmware |
Red Hat has investigated whether possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-1473 is a vulnerability in OpenSSL that causes TLS servers and clients to be halted due to a memory leak flaw.
CVE-2022-1473 has a severity rating of 7.5, classified as high.
CVE-2022-1473 impacts OpenSSL by breaking the reuse of memory occupied by removed hash table entries, resulting in memory usage growth for long-lived processes decoding certificates or keys.
The remedy for CVE-2022-1473 in OpenSSL is to update to version 3.0.6 or later.
You can find more information about CVE-2022-1473 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-1473), [OpenSSL Git Commit](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1), [OpenSSL Security Advisory](https://www.openssl.org/news/secadv/20220503.txt).