CVE-2022-2068

Description from NVD

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0, 3.0.1, 3.0.2, 3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Information Acquisition Date: 2022-06-23T13:36Z
CVSS 2.0: 0.0 None
CVSS 3.x: 0.0 None

NVD References

 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7
     source: CONFIRM
 https://www.openssl.org/news/secadv/20220621.txt
     source: CONFIRM
 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
     source: CONFIRM
 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa
     source: CONFIRM


Software Tag: Linux (3 tweets), OpenSSL (24 tweets), iOS (3 tweets)



List of frequently cited URLs

URL | Num of Times Referred to
https://cvetrends.com | 54
https://securityonline.info/cve-2022-2068-openssl-command-i... | 7
https://www.openssl.org/news/secadv/20220621.txt | 4
https://git.openssl.org/gitweb/?p=openssl.git | 3
http://security.sios.com | 3


GitHub Search Results: Up to 10
Name | URL
No Data

2022/07/06 Score : 2
Added Har-sia Database : 2022/06/21
Last Modified : 2022/07/06
Highest Scored Date : 2022/06/22
Highest Score : 29