CVE-2022-0778: infinite loop in OpenSSL certificate parsing
Closed, ResolvedPublicBUG
Actions

Assigned To

None

Authored By

	dmbaturin
	Mar 21 2022, 12:06 PM

Description

CVE-2022-0778 is a vulnerability in OpenSSL that potentially allows a remote attacker to cause an infinite loop in a process by sending a malformed certificate.

See https://www.openssl.org/news/secadv/20220315.txt

This issue is automatically fixed thanks to OpenSSL updates from Debian.

Details

Version: 1.3.0
Is it a breaking change?: Perfectly compatible
Issue type: Security vulnerability

Related Objects

Mentioned In: 1.3.3
1.3.1

Event Timeline

dmbaturin created this task.Mar 21 2022, 12:06 PM

dmbaturin renamed this task from CVE-2022-0778 to CVE-2022-0778: infinite loop in OpenSSL certificate parsing.

dmbaturin closed this task as Resolved.Mar 21 2022, 12:12 PM

dmbaturin mentioned this in 1.3.1.Jun 11 2022, 8:40 AM

syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.Aug 30 2022, 2:21 PM

dmbaturin mentioned this in 1.3.3.Sep 22 2022, 10:56 AM

CVE-2022-0778: infinite loop in OpenSSL certificate parsingClosed, ResolvedPublicBUGActions

Description

Details

Related Objects

Event Timeline

CVE-2022-0778: infinite loop in OpenSSL certificate parsing
Closed, ResolvedPublicBUG
Actions