Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-2274

Good to know:

icon

Date: July 1, 2022

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

Language: RUST

Severity Score

Related Resources (7)

https://nvd.nist.gov/vuln/detail/CVE-2022-2274
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345
https://www.openssl.org/news/secadv/20220705.txt
https://security-tracker.debian.org/tracker/CVE-2022-2274
https://security.netapp.com/advisory/ntap-20220715-0010/
https://github.com/openssl/openssl/issues/18625
https://www.mend.io/vulnerability-database/CVE-2022-2274

Severity Score

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

icon

Upgrade Version

Upgrade to version openssl-src - 300.0.9+3.0.5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us