CVE-2022-1292

CVSS v3.1 9.8 (Critical)
CVSS v2.0 10 (High)
EPSS 12.50 % (96th)
Affected Products 51
Advisories 38

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0, 3.0.1, 3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Weaknesses
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE Status
PUBLISHED
CNA
OpenSSL Software Foundation
Published Date
2022-05-03 16:15:18
Updated Date
2023-11-07 03:41:52

Affected Products


Configuration #1

    CPE23 From Up To
  OpenSSL cpe:2.3:a:openssl:openssl >= 1.0.2 < 1.0.2ze
  OpenSSL cpe:2.3:a:openssl:openssl >= 1.1.1 < 1.1.1o
  OpenSSL cpe:2.3:a:openssl:openssl >= 3.0.0 < 3.0.3

Configuration #2

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0
  Debian Linux 11.0 cpe:2.3:o:debian:debian_linux:11.0

Configuration #3

    CPE23 From Up To
  Netapp Active Iq Unified Manager for Vmware Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
  Netapp Active Iq Unified Manager for Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere
  Netapp Active Iq Unified Manager for Windows cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows
  Netapp Clustered Data Ontap cpe:2.3:a:netapp:clustered_data_ontap:-
  Netapp Clustered Data Ontap Antivirus Connector cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-
  Netapp Oncommand Insight cpe:2.3:a:netapp:oncommand_insight:-
  Netapp Oncommand Workflow Automation cpe:2.3:a:netapp:oncommand_workflow_automation:-
  Netapp Santricity Smi-s Provider cpe:2.3:a:netapp:santricity_smi-s_provider:-
  Netapp Smi-s Provider cpe:2.3:a:netapp:smi-s_provider:-
  Netapp Snapcenter cpe:2.3:a:netapp:snapcenter:-
  Netapp Snapmanager for Hyper-v cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v
  Netapp Solidfire, Enterprise Sds & Hci Storage Node cpe:2.3:a:netapp:solidfire\%2c_enterprise_sds_\%26_hci_storage_node:-
  Netapp Solidfire & Hci Management Node cpe:2.3:a:netapp:solidfire_\%26_hci_management_node:-

Configuration #4

AND
    CPE23 From Up To
OR  
  Netapp A700s Firmware cpe:2.3:o:netapp:a700s_firmware:-
OR  
  Running on/with
  Netapp A700s cpe:2.3:h:netapp:a700s:-

Configuration #5

AND
    CPE23 From Up To
OR  
  Netapp H300s Firmware cpe:2.3:o:netapp:h300s_firmware:-
OR  
  Running on/with
  Netapp H300s cpe:2.3:h:netapp:h300s:-

Configuration #6

AND
    CPE23 From Up To
OR  
  Netapp H500s Firmware cpe:2.3:o:netapp:h500s_firmware:-
OR  
  Running on/with
  Netapp H500s cpe:2.3:h:netapp:h500s:-

Configuration #7

AND
    CPE23 From Up To
OR  
  Netapp H700s Firmware cpe:2.3:o:netapp:h700s_firmware:-
OR  
  Running on/with
  Netapp H700s cpe:2.3:h:netapp:h700s:-

Configuration #8

AND
    CPE23 From Up To
OR  
  Netapp H300e Firmware cpe:2.3:o:netapp:h300e_firmware:-
OR  
  Running on/with
  Netapp H300e cpe:2.3:h:netapp:h300e:-

Configuration #9

AND
    CPE23 From Up To
OR  
  Netapp H500e Firmware cpe:2.3:o:netapp:h500e_firmware:-
OR  
  Running on/with
  Netapp H500e cpe:2.3:h:netapp:h500e:-

Configuration #10

AND
    CPE23 From Up To
OR  
  Netapp H700e Firmware cpe:2.3:o:netapp:h700e_firmware:-
OR  
  Running on/with
  Netapp H700e cpe:2.3:h:netapp:h700e:-

Configuration #11

AND
    CPE23 From Up To
OR  
  Netapp H410s Firmware cpe:2.3:o:netapp:h410s_firmware:-
OR  
  Running on/with
  Netapp H410s cpe:2.3:h:netapp:h410s:-

Configuration #12

AND
    CPE23 From Up To
OR  
  Netapp Aff 8300 Firmware cpe:2.3:o:netapp:aff_8300_firmware:-
OR  
  Running on/with
  Netapp Aff 8300 cpe:2.3:h:netapp:aff_8300:-

Configuration #13

AND
    CPE23 From Up To
OR  
  Netapp Fas 8300 Firmware cpe:2.3:o:netapp:fas_8300_firmware:-
OR  
  Running on/with
  Netapp Fas 8300 cpe:2.3:h:netapp:fas_8300:-

Configuration #14

AND
    CPE23 From Up To
OR  
  Netapp Aff 8700 Firmware cpe:2.3:o:netapp:aff_8700_firmware:-
OR  
  Running on/with
  Netapp Aff 8700 cpe:2.3:h:netapp:aff_8700:-

Configuration #15

AND
    CPE23 From Up To
OR  
  Netapp Fas 8700 Firmware cpe:2.3:o:netapp:fas_8700_firmware:-
OR  
  Running on/with
  Netapp Fas 8700 cpe:2.3:h:netapp:fas_8700:-

Configuration #16

AND
    CPE23 From Up To
OR  
  Netapp Aff A400 Firmware cpe:2.3:o:netapp:aff_a400_firmware:-
OR  
  Running on/with
  Netapp Aff A400 cpe:2.3:h:netapp:aff_a400:-

Configuration #17

AND
    CPE23 From Up To
OR  
  Netapp Fabric-attached Storage A400 Firmware cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-
OR  
  Running on/with
  Netapp Fabric-attached Storage A400 cpe:2.3:h:netapp:fabric-attached_storage_a400:-

Configuration #18

AND
    CPE23 From Up To
OR  
  Netapp A250 Firmware cpe:2.3:o:netapp:a250_firmware:-
OR  
  Running on/with
  Netapp A250 cpe:2.3:h:netapp:a250:-

Configuration #19

AND
    CPE23 From Up To
OR  
  Netapp Aff 500f Firmware cpe:2.3:o:netapp:aff_500f_firmware:-
OR  
  Running on/with
  Netapp Aff 500f cpe:2.3:h:netapp:aff_500f:-

Configuration #20

AND
    CPE23 From Up To
OR  
  Netapp Fas 500f Firmware cpe:2.3:o:netapp:fas_500f_firmware:-
OR  
  Running on/with
  Netapp Fas 500f cpe:2.3:h:netapp:fas_500f:-

Configuration #21

    CPE23 From Up To
  Oracle Enterprise Manager Ops Center 12.4.0.0 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0
  Oracle MySQL Server cpe:2.3:a:oracle:mysql_server >= 5.0.0 <= 5.7.38
  Oracle MySQL Server cpe:2.3:a:oracle:mysql_server >= 8.0.0 <= 8.0.29
  Oracle MySQL Workbench cpe:2.3:a:oracle:mysql_workbench <= 8.0.29

Configuration #22

    CPE23 From Up To
  Fedoraproject Fedora 35 cpe:2.3:o:fedoraproject:fedora:35
  Fedoraproject Fedora 36 cpe:2.3:o:fedoraproject:fedora:36