CVE-2022-1292

Public on 2022-05-03
Modified on 2023-01-18
Description

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
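
An added example (not part of this advisory or of OpenSSL): a Python check that classifies upstream OpenSSL version strings against the affected ranges stated in the description above, including the letter-suffix ordering (z, za, ... zd, ze). The function names and sample versions are constructed for illustration; the check assumes plain upstream version strings, and distribution package versions, which may carry backported fixes, are rejected so they can be matched against the advisories in the Affected Packages table instead.

```python
import re

# Affected ranges exactly as stated in the advisory text (inclusive bounds),
# each paired with the release the advisory names as fixed.
AFFECTED = [
    ("1.0.2", "1.0.2zd", "1.0.2ze"),
    ("1.1.1", "1.1.1n", "1.1.1o"),
    ("3.0.0", "3.0.2", "3.0.3"),
]

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse(version):
    """Turn an upstream version such as '1.0.2zd' into a sortable key."""
    m = _VERSION.match(version.strip())
    if not m:
        # Package strings with a release suffix or pre-release tag land here.
        raise ValueError(f"not a plain upstream OpenSSL version: {version!r}")
    major, minor, patch, letters = m.groups()
    # Letter releases run a..z, then za, zb, ...; ordering by (length, text)
    # gives '' < 'a' < 'z' < 'za' < 'zd' < 'ze'.
    return (int(major), int(minor), int(patch), (len(letters), letters))


def classify(version):
    """Return (listed_as_affected, fixed_in) per the ranges in this advisory."""
    key = parse(version)
    for first, last, fixed in AFFECTED:
        if parse(first) <= key <= parse(last):
            return True, fixed
    # Not in a range this advisory lists; it makes no statement about others.
    return False, None


if __name__ == "__main__":
    # Constructed inventory of upstream versions, for illustration only.
    for v in ["1.0.2k", "1.0.2zd", "1.0.2ze", "1.1.1n", "1.1.1o", "3.0.2", "3.0.3"]:
        affected, fixed = classify(v)
        status = f"affected, upgrade to {fixed}" if affected else "not listed as affected"
        print(f"{v:8} {status}")
```
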

Severity
Medium
CVSS v3 Base Score
4.7

Affected Packages

| Platform | Package | Release Date | Advisory |
| --- | --- | --- | --- |
| Amazon Linux 1 | openssl | 2022-06-30 23:38 | ALAS-2022-1605 |
| Amazon Linux 2 - Core | openssl | 2022-05-31 23:50 | ALAS2-2022-1801 |
| Amazon Linux 2023 | openssl | 2023-02-17 20:45 | ALAS2023-2023-051 |
| Amazon Linux 2 - Core | openssl11 | 2022-07-06 03:14 | ALAS2-2022-1815 |
| Amazon Linux 2 - Core | edk2 | 2024-03-13 20:26 | ALAS2-2024-2502 |

CVSS Scores

| Source | Score Type | Score | Vector |
| --- | --- | --- | --- |
| Amazon Linux | CVSSv3 | 4.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
| NVD | CVSSv2 | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |