CVE-2022-1292

Updated: 2024-11-23 01:41:17.063586

Description:

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 10
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS mysql 5.1.73 9.8 CRITICAL Not Vulnerable 2022-10-24 05:02:34
CentOS 6 ELS openssl 1.0.1e 9.8 CRITICAL Released CLSA-2022:1657817606 2022-07-26 14:02:59
CentOS 7 ELS openssl 1.0.2k 9.8 CRITICAL Released CLSA-2024:1719925589 2024-07-16 05:53:05
CentOS 8.4 ELS openssl 1.1.1g 9.8 CRITICAL Released CLSA-2022:1657816793 2022-07-18 08:59:04
CentOS 8.4 ELS mysql 8.0.26 9.8 CRITICAL Not Vulnerable 2022-10-24 05:02:33
CentOS 8.5 ELS mysql 8.0.26 9.8 CRITICAL Not Vulnerable 2022-10-24 05:02:34
CentOS 8.5 ELS openssl 1.1.1k 9.8 CRITICAL Released CLSA-2022:1658171496 2022-07-18 16:26:23
CloudLinux 6 ELS openssl 1.0.1e 9.8 CRITICAL Released CLSA-2022:1658168138 2022-08-01 13:07:53
CloudLinux 6 ELS mysql 5.1.73 9.8 CRITICAL Not Vulnerable 2022-10-24 05:02:33
Oracle Linux 6 ELS mysql 5.1.73 9.8 CRITICAL Not Vulnerable 2022-10-24 05:02:34
Total: 15