Attacker Value
Very Low
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
4

CVE-2022-0778

Disclosure Date: March 15, 2022
CVE-2022-0778 CVSS v3 Base Score: 7.5
Exploited in the Wild
Reported by Hoanganh74
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: – TLS clients consuming server certificates – TLS servers consuming client certificates – Hosting providers taking certificates or private keys from customers – Certificate authorities parsing certification requests from subscribers – Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Add Assessment

1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very High
Common in enterpriseUnauthenticatedVulnerable in default configuration
Technical Analysis

The version of Dell EMC iDRAC8 or Dell EMC iDRAC9 prior to 2.83.83.83/5.10.30.00 are vulnerable to this. Dell advisory.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
OpenSSL Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)
OpenSSL Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)
OpenSSL Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • fedoraproject,
  • mariadb,
  • netapp,
  • nodejs,
  • openssl,
  • tenable

Products

  • 500f firmware -,
  • a250 firmware -,
  • cloud volumes ontap mediator -,
  • clustered data ontap -,
  • clustered data ontap antivirus connector -,
  • debian linux 10.0,
  • debian linux 11.0,
  • debian linux 9.0,
  • fedora 34,
  • fedora 36,
  • mariadb,
  • nessus,
  • node.js,
  • openssl,
  • santricity smi-s provider -,
  • storagegrid -

Exploited in the Wild

Reported by:

References

Canonical
CVE-2022-0778 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778)
Advisory
https://www.openssl.org/news/secadv/20220315.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
DSA-5103 (https://www.debian.org/security/2022/dsa-5103)
[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update (https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html)
[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update (https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html)
https://security.netapp.com/advisory/ntap-20220321-0002/
FEDORA-2022-a5f51502f0 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
https://www.tenable.com/security/tns-2022-06
https://www.tenable.com/security/tns-2022-07
FEDORA-2022-9e88b5d8d7 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/)
FEDORA-2022-8bb51f6901 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/)
https://www.tenable.com/security/tns-2022-08
https://www.tenable.com/security/tns-2022-09
https://security.netapp.com/advisory/ntap-20220429-0005/
https://support.apple.com/kb/HT213257
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213255
20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina (http://seclists.org/fulldisclosure/2022/May/33)
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 (http://seclists.org/fulldisclosure/2022/May/35)
20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4 (http://seclists.org/fulldisclosure/2022/May/38)
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
GLSA-202210-02 (https://security.gentoo.org/glsa/202210-02)
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
https://security.netapp.com/advisory/ntap-20240621-0006/
Exploit
PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.
drago-96/CVE-2022-0778 (https://github.com/drago-96/CVE-2022-0778)
jkakavas/CVE-2022-0778-POC (https://github.com/jkakavas/CVE-2022-0778-POC)
CVE-2022-0778 (https://github.com/0xUhaw/CVE-2022-0778) (Added by AKB Worker)
Miscellaneous
https://www.oracle.com/security-alerts/cpuapr2022.html
http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
https://www.oracle.com/security-alerts/cpujul2022.html
Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 (https://www.rapid7.com/db/vulnerabilities/panos-cve-2022-0778/)
Analyzing CVE-2022-0778: When Square Root Results in a Denial of Service (https://news.sophos.com/en-us/2022/06/01/cve-2022-0778/)
Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms (https://www.rtcsec.com/article/exploiting-cve-2022-0778-in-openssl-vs-webrtc-platforms/)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis