CVE-2022-2274

Published: 01/07/2022 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048-bit private keys incorrect on such machines, and memory corruption will happen during the computation. As a consequence of the memory corruption, an attacker may be able to trigger remote code execution on the machine performing the computation. SSL/TLS servers, or other servers using 2048-bit RSA private keys, running on machines that support the AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

Vulnerable Product

openssl openssl 3.0.4

netapp snapcenter -

netapp h410c_firmware -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h410s_firmware -

Vendor Advisories

Debian Bug report logs - #1013441: openssl crashes with "munmap_chunk(): invalid pointer" (CVE-2022-2274). Package: libssl3; Maintainer for libssl3 is Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>; Source for libssl3 is src:openssl. Reported by: Philippe Daouadi <philippe@ud2.org> ...

Github Repositories

A POC OF CVE-2022-2274 (openssl)

CVE-2022-2274: A POC OF CVE-2022-2274 (openssl). The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an a

OpenSSL-src Heap Memory Corruption with RSA Private Key Operation : CVE-2022-2274

Summary: OpenSSL-src-rust is a source code and logic to build OpenSSL from source written in Rust and packaged as a crate. There are currently two maintained branches, matching the two maintained OpenSSL versions, which are main which builds OpenSSL 3.0 and release/111 which builds OpenSSL 1.1.1. Th

This is an OpenSSL Vulnerability Detection Script for CVE-2022-2274

OpenSSL-Vulnerability-Detection-Script This is an OpenSSL Vulnerability Detection Script for CVE-2022-2274