First published: Tue May 03 2022
A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously to trigger this vulnerability, resulting in a loss of application availability.
Credit: openssl-security@openssl.org
Affected Software | Affected Version | How to fix |
---|---|---|
rust/openssl-src | >=300.0.0<300.0.6 | 300.0.6 |
redhat/openssl | <1:3.0.1-41.el9_0 | 1:3.0.1-41.el9_0 |
redhat/openssl | <3.0.3 | 3.0.3 |
OpenSSL OpenSSL | >=3.0.0<3.0.3 | |
Netapp Active Iq Unified Manager Vsphere | ||
NetApp Clustered Data ONTAP | ||
Netapp Clustered Data Ontap Antivirus Connector | ||
Netapp Santricity Smi-s Provider | ||
Netapp Smi-s Provider | ||
Netapp Snapmanager Hyper-v | ||
Netapp Solidfire, Enterprise Sds & Hci Storage Node | ||
Netapp Solidfire & Hci Management Node | ||
Netapp A700s Firmware | ||
Netapp A700s | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
Netapp H500s Firmware | ||
Netapp H500s | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
Netapp H300e Firmware | ||
Netapp H300e | ||
Netapp H500e Firmware | ||
Netapp H500e | ||
Netapp H700e Firmware | ||
Netapp H700e | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
Netapp Aff 8300 Firmware | ||
Netapp Aff 8300 | ||
Netapp Fas 8300 Firmware | ||
Netapp Fas 8300 | ||
Netapp Aff 8700 Firmware | ||
Netapp Aff 8700 | ||
Netapp Fas 8700 Firmware | ||
Netapp Fas 8700 | ||
Netapp Aff A400 Firmware | ||
Netapp Aff A400 | ||
Netapp Fabric-attached Storage A400 Firmware | ||
Netapp Fabric-attached Storage A400 | ||
Netapp A250 Firmware | ||
Netapp A250 | ||
Netapp Aff 500f Firmware | ||
Netapp Aff 500f | ||
Netapp Fas 500f Firmware | ||
Netapp Fas 500f | ||
ubuntu/openssl | <3.0.2-0ubuntu1.1 | 3.0.2-0ubuntu1.1 |
ubuntu/openssl | <3.0.2-0ubuntu2 | 3.0.2-0ubuntu2 |
ubuntu/openssl | <3.0.3 | 3.0.3 |
ubuntu/openssl | <1.0.2 | 1.0.2 |
debian/openssl | 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.13-1~deb12u1 3.0.11-1~deb12u2 3.2.2-1 |
Red Hat has investigated whether possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
CVE-2022-1473 is a vulnerability in OpenSSL that causes TLS servers and clients to be halted due to a memory leak flaw.
CVE-2022-1473 has a severity rating of 7.5, classified as high.
CVE-2022-1473 impacts OpenSSL by breaking the reuse of memory occupied by removed hash table entries, resulting in memory usage growth for long-lived processes decoding certificates or keys.
The remedy for CVE-2022-1473 in OpenSSL is to update to version 3.0.6 or later.
You can find more information about CVE-2022-1473 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-1473), [OpenSSL Git Commit](https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1), [OpenSSL Security Advisory](https://www.openssl.org/news/secadv/20220503.txt).