CVE-2022-2068
Public on 2022-06-21
Modified on 2025-04-21
Description
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2 - Core | edk2 | 2024-03-13 | ALAS2-2024-2502 | Fixed |
| HAQM Linux 1 | openssl | 2022-07-28 | ALAS-2022-1626 | Fixed |
| HAQM Linux 2 - Core | openssl | 2022-07-28 | ALAS2-2022-1831 | Fixed |
| HAQM Linux 2023 | openssl | 2023-02-17 | ALAS2023-2023-051 | Fixed |
| HAQM Linux 2 - Openssl-snapsafe Extra | openssl-snapsafe | 2023-07-17 | ALAS2OPENSSL-SNAPSAFE-2023-001 | Fixed |
| HAQM Linux 2 - Core | openssl11 | 2022-07-28 | ALAS2-2022-1832 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |