vulnerability

Debian: CVE-2022-1292: openssl -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	May 3, 2022	May 16, 2022	May 24, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

May 3, 2022

Added

May 16, 2022

Modified

May 24, 2022

Description

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Solution

debian-upgrade-openssl

References

CVE-2022-1292
https://attackerkb.com/topics/CVE-2022-1292
DEBIAN-DLA-3008-1
DEBIAN-DSA-5139

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today