CVE-2022-2068

Description

In addition to the c_rehash shell command injection identified in CVE-2022-1292, code review found further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection. When CVE-2022-1292 was fixed, it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability: 20.216

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL 3.0.4 | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL (x64) 3.0.4 | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL 1.1.1p | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL (x64) 1.1.1p | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL 1.0.2zf | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL (x64) 1.0.2zf | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL (64-bit) 3.0.4 | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL (MSI)(x64) 3.0.4 | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL (MSI)(x86) 3.0.4 | Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.0 | Windows
Multiple Vulnerabilities are affected in IBM Aspera Faspex 4.4.2 | Windows
Vulnerabilities CVE-2022-2068,CVE-2023-32328,CVE-2023-43017,CVE-2024-28767 are affected in IBM Security Verify Directory Integrator 10.0.3 | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL Light 3.0.4 | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL Light (x64) 3.0.4 | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL Library 3.0.4 | Windows
Vulnerabilities CVE-2022-2068 are fixed in OpenSSL Library x86 3.0.4 | Windows
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl_3.0.2-0ubuntu1.7_i386.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl_3.0.2-0ubuntu1.7_test_amd64.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl_1.1.1l-1ubuntu1.6_i386.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl_1.1.1l-1ubuntu1.6_amd64.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl_1.1.1f-1ubuntu2.16_i386.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl_1.1.1f-1ubuntu2.16_amd64.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl_1.1.1-1ubuntu2.1~18.04.20_i386.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl_1.1.1-1ubuntu2.1~18.04.20_amd64.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl1.0_1.0.2n-1ubuntu5.11_i386.deb | Linux
Secure Socket Layer (SSL) cryptographic library and tools (USN-5488-1) openssl1.0_1.0.2n-1ubuntu5.11_amd64.deb | Linux
openssl security update (DSA-5169-1) openssl_1.1.1n-0+deb10u3_i386.deb | Linux
openssl security update (DSA-5169-1) openssl_1.1.1n-0+deb10u3_amd64.deb | Linux
openssl security update (DSA-5169-1) openssl_1.1.1n-0+deb11u3_amd64.deb | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl-1_0_0-devel-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_0_0-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_0_0-32bit-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_0_0-debuginfo-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_0_0-hmac-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_0_0-hmac-32bit-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) openssl-1_0_0-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) openssl-1_0_0-debuginfo-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) openssl-1_0_0-debugsource-1.0.2p-3.56.1.x86_64.rpm | Linux
SUSE-SU-2022:2181-1 (SUSE Linux Enterprise Server 12-SP5) openssl-1_0_0-doc-1.0.2p-3.56.1.noarch.rpm | Linux
SUSE-SU-2022:2182-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_1-1.1.1d-2.66.1.x86_64.rpm | Linux
SUSE-SU-2022:2182-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_1-32bit-1.1.1d-2.66.1.x86_64.rpm | Linux
SUSE-SU-2022:2182-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_1-debuginfo-1.1.1d-2.66.1.x86_64.rpm | Linux
SUSE-SU-2022:2182-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_1-debuginfo-32bit-1.1.1d-2.66.1.x86_64.rpm | Linux
SUSE-SU-2022:2182-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_1-hmac-1.1.1d-2.66.1.x86_64.rpm | Linux
SUSE-SU-2022:2182-1 (SUSE Linux Enterprise Server 12-SP5) libopenssl1_1-hmac-32bit-1.1.1d-2.66.1.x86_64.rpm | Linux
SUSE-SU-2022:2182-1 (SUSE Linux Enterprise Server 12-SP5) openssl-1_1-1.1.1d-2.66.1.x86_64.rpm | Linux
SUSE-SU-2022:2182-1 (SUSE Linux Enterprise Server 12-SP5) openssl-1_1-debuginfo-1.1.1d-2.66.1.x86_64.rpm | Linux
SUSE-SU-2022:2182-1 (SUSE Linux Enterprise Server 12-SP5) openssl-1_1-debugsource-1.1.1d-2.66.1.x86_64.rpm | Linux
Openssl update (ELSA-2022-5818) openssl-1.1.1k-7.el8_6.x86_64.rpm | Linux
Openssl-devel update (ELSA-2022-5818) openssl-devel-1.1.1k-7.el8_6.i686.rpm | Linux
Openssl-devel update (ELSA-2022-5818) openssl-devel-1.1.1k-7.el8_6.x86_64.rpm | Linux
Openssl-libs update (ELSA-2022-5818) openssl-libs-1.1.1k-7.el8_6.i686.rpm | Linux
Openssl-libs update (ELSA-2022-5818) openssl-libs-1.1.1k-7.el8_6.x86_64.rpm | Linux
Openssl-perl update (ELSA-2022-5818) openssl-perl-1.1.1k-7.el8_6.x86_64.rpm | Linux
(RHSA-2022:5818) openssl security update openssl-1.1.1k-7.el8_6.x86_64.rpm | Linux
(RHSA-2022:5818) openssl security update openssl-debugsource-1.1.1k-7.el8_6.i686.rpm | Linux
(RHSA-2022:5818) openssl security update openssl-debugsource-1.1.1k-7.el8_6.x86_64.rpm | Linux
(RHSA-2022:5818) openssl security update openssl-devel-1.1.1k-7.el8_6.i686.rpm | Linux
(RHSA-2022:5818) openssl security update openssl-devel-1.1.1k-7.el8_6.x86_64.rpm | Linux
(RHSA-2022:5818) openssl security update openssl-libs-1.1.1k-7.el8_6.i686.rpm | Linux
(RHSA-2022:5818) openssl security update openssl-libs-1.1.1k-7.el8_6.x86_64.rpm | Linux
(RHSA-2022:5818) openssl security update openssl-perl-1.1.1k-7.el8_6.x86_64.rpm | Linux
Openssl update (ELSA-2022-6224) openssl-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux
Openssl-devel update (ELSA-2022-6224) openssl-devel-3.0.1-41.0.1.el9_0.i686.rpm | Linux
Openssl-devel update (ELSA-2022-6224) openssl-devel-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux
Openssl-libs update (ELSA-2022-6224) openssl-libs-3.0.1-41.0.1.el9_0.i686.rpm | Linux
Openssl-libs update (ELSA-2022-6224) openssl-libs-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux
Openssl-perl update (ELSA-2022-6224) openssl-perl-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libopenssl-1_1-devel-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libopenssl1_1-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libopenssl1_1-32bit-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libopenssl1_1-hmac-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) openssl-1_1-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) openssl-1_1-debuginfo-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
SUSE-SU-2022:2251-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) openssl-1_1-debugsource-1.1.1d-150200.11.48.1.x86_64.rpm | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) nodejs_12.22.9~dfsg-1ubuntu3.1_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) libnode72_12.22.9~dfsg-1ubuntu3.1_amd64.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) nodejs-doc_12.22.9~dfsg-1ubuntu3.1_all.deb | Linux
An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) libnode-dev_12.22.9~dfsg-1ubuntu3.1_amd64.deb | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2022-2068) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-355449 | OpenSSL (3.6.1)
PATCH-355451 | OpenSSL Light (3.6.1)
PATCH-355452 | OpenSSL Light (x64) (3.6.1)