CVE-2022-1292

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1292

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1292.json

Related

Published

2022-05-03T16:15:18Z

Modified

2023-11-29T09:15:14.921191Z

Details

The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the crehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

References

Affected packages

Alpine:v3.12 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.13 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.14 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.15 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.15 / openssl3

Package

Name: openssl3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.16 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.16 / openssl3

Package

Name: openssl3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.17 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Alpine:v3.18 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0

Git / github.com/openssl/openssl

Affected ranges

Type: GIT
Repo: https://github.com/openssl/openssl
Events: Introduced

89cd17a031e022211684eb7eb41190cf1910f9fa

Fixed

4d346a188c27bdf78aa76590c641e1217732ca4b

Introduced

e818b74be2170fbe957a07b0da4401c2b694b3b8

Introduced

e04bd3433fd84e1861bf258ea37928d9845e6a86

Affected versions

openssl-3.*

openssl-3.0.0

openssl-3.0.1

openssl-3.0.2