CVE-2022-2068

Public on 2022-06-21
Modified on 2023-07-07
Description
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.
Severity
Medium severity
Medium
CVSS v3 Base Score
6.7
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core edk2 2024-03-13 ALAS2-2024-2502 Fixed
Amazon Linux 1 openssl 2022-07-28 ALAS-2022-1626 Fixed
Amazon Linux 2 - Core openssl 2022-07-28 ALAS2-2022-1831 Fixed
Amazon Linux 2023 openssl 2023-02-17 ALAS2023-2023-051 Fixed
Amazon Linux 2 - Openssl-snapsafe Extra openssl-snapsafe 2023-07-17 ALAS2OPENSSL-SNAPSAFE-2023-001 Fixed
Amazon Linux 2 - Core openssl11 2022-07-28 ALAS2-2022-1832 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv2 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv3 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H