CVE-2022-0778
📋 TL;DR
CVE-2022-0778 is a denial-of-service vulnerability in OpenSSL's BN_mod_sqrt() function that can cause infinite loops when parsing specially crafted certificates or private keys containing invalid elliptic curve parameters. This affects any system using vulnerable OpenSSL versions to parse external certificates, including TLS clients/servers, certificate authorities, and hosting providers. The vulnerability allows attackers to cause service disruption without authentication.
💻 Affected Systems
- OpenSSL
📦 What is this software?
Clustered Data Ontap Antivirus Connector by Netapp
View all CVEs affecting Clustered Data Ontap Antivirus Connector →
Fedora by Fedoraproject
Fedora by Fedoraproject
Mariadb by Mariadb
Mariadb by Mariadb
Mariadb by Mariadb
Mariadb by Mariadb
Mariadb by Mariadb
Mariadb by Mariadb
Nessus by Tenable
Nessus by Tenable
Node.js by Nodejs
Node.js by Nodejs
Node.js by Nodejs
Node.js by Nodejs
Node.js by Nodejs
Node.js by Nodejs
Node.js by Nodejs
Openssl by Openssl
OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.
Learn more about Openssl →Openssl by Openssl
OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.
Learn more about Openssl →Openssl by Openssl
OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.
Learn more about Openssl →⚠️ Risk & Real-World Impact
Worst Case
Complete service outage through resource exhaustion as infinite loops consume 100% CPU, potentially affecting all services using vulnerable OpenSSL for certificate parsing.
Likely Case
Targeted DoS attacks against specific services that parse external certificates, causing service disruption until processes are restarted.
If Mitigated
Minimal impact with proper network filtering, certificate validation, and updated OpenSSL versions preventing exploitation.
🎯 Exploit Status
Exploitation requires crafting certificates with invalid elliptic curve parameters. Public proof-of-concept code exists and has been weaponized for DoS attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: OpenSSL 1.1.1n, 3.0.2, 1.0.2zd
Vendor Advisory: https://www.openssl.org/news/secadv/20220315.txt
Restart Required: Yes
Instructions:
1. Identify OpenSSL version with 'openssl version'. 2. Update to patched version via package manager: 'apt update && apt upgrade openssl' (Debian/Ubuntu) or 'yum update openssl' (RHEL/CentOS). 3. Restart all services using OpenSSL. 4. Recompile any statically linked applications with updated OpenSSL.
🔧 Temporary Workarounds
Certificate validation filtering
allImplement certificate validation to reject certificates with explicit elliptic curve parameters before parsing.
Resource limiting
linuxSet CPU time limits on processes that parse certificates to prevent infinite loop exhaustion.
ulimit -t 30
systemctl set-property service-name CPUQuota=50%
🧯 If You Can't Patch
- Implement network filtering to block untrusted certificate sources at perimeter
- Deploy monitoring for CPU spikes in certificate parsing processes and implement automated restart policies
🔍 How to Verify
Check if Vulnerable:
Run 'openssl version' and check if version is in affected range: 1.0.2-1.0.2zc, 1.1.1-1.1.1m, 3.0.0-3.0.1Check Version:
openssl versionVerify Fix Applied:
Confirm version is 1.1.1n or higher, 3.0.2 or higher, or 1.0.2zd or higher with 'openssl version'📡 Detection & Monitoring
Log Indicators:
- Processes stuck at 100% CPU usage
- Certificate parsing timeouts
- OpenSSL error logs showing certificate parsing failures
Network Indicators:
- Unusual certificate submissions to TLS endpoints
- Spike in certificate validation requests from single sources
SIEM Query:
process.cpu.usage:>95 AND process.name:(openssl OR service_using_openssl) AND NOT process.version:(1.1.1n OR 3.0.2 OR 1.0.2zd)🔗 References
- http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246
- https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
- https://security.gentoo.org/glsa/202210-02
- https://security.netapp.com/advisory/ntap-20220321-0002/
- https://security.netapp.com/advisory/ntap-20220429-0005/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://www.debian.org/security/2022/dsa-5103
- https://www.openssl.org/news/secadv/20220315.txt
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.tenable.com/security/tns-2022-06
- https://www.tenable.com/security/tns-2022-07
- https://www.tenable.com/security/tns-2022-08
- https://www.tenable.com/security/tns-2022-09
- http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246
- https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
- https://security.gentoo.org/glsa/202210-02
- https://security.netapp.com/advisory/ntap-20220321-0002/
- https://security.netapp.com/advisory/ntap-20220429-0005/
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://www.debian.org/security/2022/dsa-5103
- https://www.openssl.org/news/secadv/20220315.txt
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.tenable.com/security/tns-2022-06
- https://www.tenable.com/security/tns-2022-07
- https://www.tenable.com/security/tns-2022-08
- https://www.tenable.com/security/tns-2022-09
