Vulnerabilities > CVE-2022-2274 - Out-of-bounds Write vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

openssl

netapp

CWE-787

critical

NVD

Published: 2022-07-01

Updated: 2023-11-07

Summary

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

Vulnerable Configurations

Part	Description	Count
Application	Openssl Openssl Openssl 3.0.4	1
Application	Netapp Netapp Snapcenter -	1
OS	Netapp Netapp H410C Firmware - Netapp H300S Firmware - Netapp H500S Firmware - Netapp H700S Firmware - Netapp H410S Firmware -	5
Hardware	Netapp Netapp H410C - Netapp H300S - Netapp H500S - Netapp H700S - Netapp H410S -	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Vulnerabilities > CVE-2022-2274 - Out-of-bounds Write vulnerability in multiple products

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References