
Remote OpenSSL Remote Code Execution & DDoS Vulnerability.

r1z

A tasty and critical (9.8) remote code execution vulnerability and a denial of service vulnerability in OpenSSL will be in your hands soon.

CVE-2022-1292 OpenSSL Code Execution Vulnerability

Due to an issue where the c_rehash script does not properly sanitize shell meta-characters, an unauthorized attacker could exploit the vulnerability to send a malicious request to execute a system command, resulting in remote code execution.

The vulnerability CVSS score: 9.8, hazard level: critical

CVE-2022-1473 OpenSSL Denial of Service Vulnerability

Due to memory resource management issues when decoding certificates, an unauthorized attacker could exploit this vulnerability to construct malicious requests, resulting in a denial of service.

The vulnerability CVSS score: 7.5, hazard level: high risk!

A total of 38,623,336 related services are open to the world (app="OpenSSL"). The United States has the most with 11,727,666; China is second with 2,994,966; Germany is third with 2,288,855; Japan is fourth with 2,229,943; and France is fifth with 1,438,747.

More info from FOFA:
Code:
https://fofa.info/result?qbase64=YXBwPSJPcGVuU1NMIg%3D%3D

Patch as soon as possible to openssl-3.0.3.

Code:
https://github.com/openssl/openssl/tags
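
A defensive pre-check for the c_rehash issue described in the post, added here as an example and not part of the original post: it flags certificate-directory entries whose names fall outside a strict allowlist, and only then rebuilds the hash links with the `openssl rehash` subcommand instead of the c_rehash script. The function names `audit_cert_dir` and `rehash_if_clean` are hypothetical, and the example assumes the file names in the hashed directory are the untrusted input.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumption: the names of the files in the directory being hashed are the
# untrusted input that reaches c_rehash's shell invocation.

# List entries of a certificate directory whose names contain any byte outside
# a conservative allowlist (letters, digits, dot, underscore, hyphen).
# Exit status: 0 = all names clean, 1 = at least one flagged, 2 = bad argument.
audit_cert_dir() (
    LC_ALL=C; export LC_ALL              # byte-wise ranges in case and tr
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 2; }
    flagged=0
    for path in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # Skip glob patterns that matched nothing
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        case $name in
            *[!A-Za-z0-9._-]*)
                # Mask the offending bytes so the report is safe to display
                printf 'REVIEW: %s/' "$dir"
                printf '%s' "$name" | tr -c 'A-Za-z0-9._-' '?'
                printf '\n'
                flagged=1 ;;
        esac
    done
    exit "$flagged"
)

# Rebuild the hash links with the built-in "openssl rehash" subcommand (the
# replacement for the c_rehash script), but only after the audit passes.
rehash_if_clean() {
    audit_cert_dir "$1" || return
    openssl rehash "$1"
}
```

Flagged names are reported with the non-allowlisted bytes masked as `?`; review those entries by hand before hashing the directory.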
 

