CVE-2022-1473
📋 TL;DR
OpenSSL 3.0.0 through 3.0.2 contain a bug in OPENSSL_LH_flush(), the function that empties a hash table: after a flush, the memory occupied by the removed entries is never reused. The function runs when certificates or keys are decoded, so a long-lived process that decodes them periodically (typically a TLS client, or a TLS server configured for client certificate authentication) grows without bound and may eventually be terminated by the operating system, a denial of service. Walking the ever-larger table of dead entries also takes progressively more time. OPENSSL_LH_flush() was introduced in 3.0, so 1.1.1 and earlier releases are not affected. OpenSSL rates the issue Moderate; the fix is in 3.0.3.
💻 Affected Systems
- OpenSSL
📦 What is this software?
Openssl by Openssl
OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.
Netapp products tracked against this CVE (see the NetApp advisory in the references):
- Clustered Data Ontap Antivirus Connector
- Fabric Attached Storage A400 Firmware
- Solidfire & Hci Management Node
⚠️ Risk & Real-World Impact
Worst Case
A heavily used TLS endpoint, for example a server doing client certificate authentication and therefore decoding a certificate on every such handshake, is OOM-killed at peak load and stays down until someone restarts it. The kernel picks its victim by score, so on a host with little headroom another large process can be killed instead of the leaking one.
Likely Case
Resident memory of the affected process creeps upward over days or weeks, operations that walk the flushed hash table get slower, and the process is eventually killed or restarted, with a short disruption each cycle until the library is upgraded.
If Mitigated
With a per-service memory limit plus automatic restart, or a scheduled restart before exhaustion, growth is bounded and the effect is a brief, predictable interruption per restart and mild slowdown just before it.
🎯 Exploit Status
No exploit exists or is needed: the leak sits on OpenSSL's ordinary certificate and key decoding path, so legitimate traffic triggers it. The growth rate is set by how often the process decodes certificates or keys. For a TLS server configured for client certificate authentication that is once per handshake in which the peer presents a certificate, so remote clients influence the rate simply by how often they connect, and the decode happens before validation, whether or not the certificate turns out to be acceptable. For a TLS client it is typically once per connection, or once per periodic reload of its own credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: OpenSSL 3.0.3
Vendor Advisory: https://www.openssl.org/news/secadv/20220503.txt
Restart Required: Yes (every process that has the old libssl/libcrypto mapped; a library replaced on disk is not picked up by running processes)
Instructions:
1. Upgrade to OpenSSL 3.0.3, either from your distribution's patched package or by building 3.0.3 from openssl.org following the platform-specific build instructions.
2. Restart every service that loaded the old library, not just the ones you know do client certificate authentication.
3. Rebuild and redeploy any application that statically links or bundles its own copy of OpenSSL 3.0.x; the system package update does not reach those.
🔧 Temporary Workarounds
Restart vulnerable processes (Linux)
Implement scheduled restarts of TLS services to clear accumulated memory before exhaustion:
systemctl restart <service-name>
service <service-name> restart
Memory monitoring and alerts (all platforms)
Monitor memory usage of processes that link OpenSSL 3.0.x and trigger alerts or restarts at thresholds.
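A concrete form of the threshold-restart workaround, added here as an example and not taken from the OpenSSL advisory or any vendor. It assumes a systemd host (MainPID looked up with systemctl, resident memory read from /proc/<pid>/status), a service name and limit you supply through the LH_FLUSH_SERVICE and LH_FLUSH_LIMIT_KB variables, and a constructed /proc status excerpt for illustration:

```shell
#!/bin/sh
# Added example, not OpenSSL's or any vendor's code: restart a TLS service
# once its resident memory crosses a limit, as a stop-gap until 3.0.3 is
# deployed. Assumes a systemd host (MainPID via systemctl, /proc/<pid>/status)
# and a service name you supply.
set -eu

# Constructed /proc/<pid>/status excerpt, for illustration only.
SAMPLE_STATUS='Name:   nginx
State:  S (sleeping)
VmRSS:    204800 kB
VmSwap:        0 kB'

# Read /proc/<pid>/status-style text on stdin and print VmRSS in kB;
# print 0 when no VmRSS line is present (process gone, or a kernel thread).
vmrss_kb() {
    awk '/^VmRSS:/ { print $2; found = 1 } END { if (!found) print 0 }'
}

# True when rss_kb ($1) is at or above limit_kb ($2).
over_limit() {
    [ "$1" -ge "$2" ]
}

# Resident set size of a systemd service's main process, in kB (0 if inactive).
service_rss_kb() {
    pid=$(systemctl show -p MainPID --value "$1")
    if [ -z "$pid" ] || [ "$pid" -eq 0 ]; then
        echo 0
        return
    fi
    vmrss_kb < "/proc/$pid/status"
}

# Restart only when the service has grown past the limit, and log both
# outcomes so the restart cadence itself becomes evidence of the leak.
check_and_restart() {
    svc=$1; limit_kb=$2
    rss=$(service_rss_kb "$svc")
    if over_limit "$rss" "$limit_kb"; then
        logger -t lh-flush-guard "$svc RSS ${rss} kB >= ${limit_kb} kB, restarting"
        systemctl restart "$svc"
    else
        logger -t lh-flush-guard "$svc RSS ${rss} kB under ${limit_kb} kB"
    fi
}

# Run from cron or a systemd timer, e.g. every 5 minutes:
#   LH_FLUSH_SERVICE=nginx LH_FLUSH_LIMIT_KB=1048576 ./lh-flush-guard.sh
if [ -n "${LH_FLUSH_SERVICE:-}" ]; then
    check_and_restart "$LH_FLUSH_SERVICE" "${LH_FLUSH_LIMIT_KB:-1048576}"
fi
```

Pick the limit from a few days of observed RSS on the unpatched service, well above its normal working set but below the point at which the host starts swapping. On systemd hosts the same effect is available without a script by setting MemoryMax= and Restart=on-failure in a drop-in for the unit; the script is useful where you want the restart logged under your own tag and decided in user space rather than by the cgroup OOM killer.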
🧯 If You Can't Patch
- Implement memory monitoring with automated restarts when a threshold is exceeded; on systemd hosts a per-unit MemoryMax= together with Restart=on-failure bounds the growth and turns the kill into a controlled unit restart instead of a host-wide OOM event
- Reduce how often the process decodes certificates or keys (cache decoded objects rather than re-parsing them on each use), or move the decoding into short-lived worker processes whose exit reclaims the memory
🔍 How to Verify
Check if Vulnerable:
Run 'openssl version'. Output of 3.0.0, 3.0.1 or 3.0.2 from an upstream build means the library is affected. Two caveats: distributions may backport the fix while keeping the 3.0.2 version string (check the package changelog for CVE-2022-1473 before concluding either way), and the CLI only reports the library it loaded itself, so applications that statically link or bundle their own OpenSSL 3.0.x must be checked separately (the version text is embedded in the binary; 'strings <binary> | grep "OpenSSL 3\."' is a quick first look).
Check Version:
openssl version
Verify Fix Applied:
After patching, 'openssl version' should report 3.0.3 or later (or a distribution package whose changelog lists CVE-2022-1473), and every service that had the old library mapped should have been restarted. Then watch resident memory of the TLS processes over a period that covers their normal certificate and key decoding cycle; it should plateau instead of climbing.
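The version check above, scripted with the two caveats built in, as an added example that is not part of the advisory or any vendor's tooling. It assumes a Linux host with /proc and the openssl CLI on PATH; the LH_FLUSH_CHECK variable, the script name and the sample version strings are assumptions for illustration:

```shell
#!/bin/sh
# Added example (not OpenSSL's or any vendor's tooling): decide from the
# "openssl version" output whether the loaded libcrypto is in the affected
# 3.0.0-3.0.2 range, then list running processes that have libssl.so.3 mapped.
# Assumes a Linux host with /proc and the openssl CLI on PATH.
set -eu

# Read one "openssl version" line on stdin and print the library version.
# When the CLI and the library it loaded differ, openssl appends
# "(Library: OpenSSL x.y.z ...)"; that is the number that matters.
openssl_lib_version() {
    awk 'NR == 1 {
        v = $2
        for (i = 1; i < NF; i++)
            if ($i == "(Library:" && $(i + 1) == "OpenSSL") v = $(i + 2)
        print v
    }'
}

# True for the upstream releases named in the advisory. Distributions that
# backport the fix keep the 3.0.2 string, so on those hosts confirm with the
# package changelog (apt changelog libssl3 / rpm -q --changelog openssl)
# rather than trusting this alone.
vulnerable_version() {
    case "$1" in
        3.0.0|3.0.1|3.0.2) return 0 ;;
        *) return 1 ;;
    esac
}

# Processes that currently have the shared libssl 3 mapped: these are the
# long-lived candidates for the leak. Statically linked or bundled copies do
# not show up here and need their own check (strings on the binary).
processes_using_libssl3() {
    for maps in /proc/[0-9]*/maps; do
        if grep -q 'libssl\.so\.3' "$maps" 2>/dev/null; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            printf '%s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline")"
        fi
    done
}

# Usage: LH_FLUSH_CHECK=1 ./check-cve-2022-1473.sh
if [ -n "${LH_FLUSH_CHECK:-}" ]; then
    ver=$(openssl version | openssl_lib_version)
    if vulnerable_version "$ver"; then
        echo "OpenSSL $ver: in the affected range (unless the fix is backported)"
        processes_using_libssl3
    else
        echo "OpenSSL $ver: not in the 3.0.0-3.0.2 range"
    fi
fi
```

The process list is the part that earns its keep after patching: anything still listed once the package has been upgraded is a process that was not restarted and is still running the old code.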
📡 Detection & Monitoring
Log Indicators:
- OOM-killer entries in the kernel log naming the TLS application (nginx, haproxy, postfix, or any other program that loads OpenSSL 3.0.x); the killed process carries the application's name, not "openssl"
- Resident memory of a long-lived TLS process that only ever climbs between restarts, with no plateau
- Supervisor restart entries (for systemd: "Main process exited, code=killed, status=9/KILL") with no deploy or operator action behind them
Network Indicators:
- Bursts of TLS connection failures or resets coinciding with a process kill and restart
- Handshake latency that rises over the life of the process; the advisory notes that traversing the flushed hash table takes increasingly more time as it grows
SIEM Query:
(source="kernel" AND "Out of memory" AND "Killed process" AND process_name="<tls-service>") OR (source="systemd" AND "Main process exited" AND "status=9/KILL")
Fill in process_name with the services known to load OpenSSL 3.0.x; a pattern such as "*ssl*" matches nothing useful because the leaking process is the application itself.
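The two log indicators above turned into detection logic, as an added example that is not part of the advisory or any vendor's product: one function counts OOM-killer victims by process name from kernel log text, the other classifies a series of RSS samples as monotonic growth or normal churn. The journal lines, host name, process IDs and the LH_FLUSH_DEMO variable are constructed for illustration; the 1.5x growth factor is an assumed threshold, not something the advisory specifies:

```shell
#!/bin/sh
# Added example, not from the OpenSSL advisory or any vendor: two detections
# for the footprint this leak leaves. oom_kills counts kernel OOM-killer
# victims by process name from journal/syslog text; rss_trend classifies a
# series of RSS samples as monotonic growth (leak) or normal churn.
set -eu

# Constructed sample of "journalctl -k" style output, for illustration only.
SAMPLE_KERNEL_LOG='May 03 09:12:41 tls-gw kernel: Out of memory: Killed process 2210 (nginx) total-vm:4210480kB, anon-rss:3988012kB, file-rss:0kB, shmem-rss:0kB
May 03 09:12:42 tls-gw systemd[1]: nginx.service: Main process exited, code=killed, status=9/KILL
May 03 11:40:07 tls-gw kernel: Out of memory: Killed process 2391 (nginx) total-vm:4198736kB, anon-rss:3975100kB, file-rss:0kB, shmem-rss:0kB
May 03 13:02:55 tls-gw kernel: Out of memory: Kill process 3077 (haproxy) score 812 or sacrifice child'

# Read kernel log lines on stdin; print "<comm> <kills>" per victim, most
# frequently killed first. Matches both the older "Kill process ... score"
# form and the newer single-line "Killed process ..." form, once per event.
oom_kills() {
    awk '
        tolower($0) ~ /out of memory: kill/ &&
        match($0, /process [0-9]+ \([^)]*\)/) {
            name = substr($0, RSTART, RLENGTH)
            sub(/^process [0-9]+ \(/, "", name)
            sub(/\)$/, "", name)
            kills[name]++
        }
        END { for (n in kills) print n, kills[n] }
    ' | sort -k2,2nr -k1,1
}

# Read one RSS sample (kB) per line on stdin, oldest first, and print
# "growing" when the series never drops and ends at least 1.5x (assumed
# threshold) above where it began, "stable" otherwise, "no-data" for empty
# input. A leaking process shows the first pattern; a healthy one
# fluctuates around a plateau.
rss_trend() {
    awk '
        NR == 1 { first = $1; prev = $1; monotonic = 1; next }
        { if ($1 < prev) monotonic = 0; prev = $1 }
        END {
            if (NR == 0) { print "no-data"; exit }
            if (monotonic && prev > first * 1.5) print "growing"; else print "stable"
        }
    '
}

# Usage on a live host:
#   journalctl -k --since "7 days ago" | oom_kills
#   every minute from cron:
#     ps -o rss= -p "$(systemctl show -p MainPID --value nginx)" >> /var/tmp/nginx.rss
#   rss_trend < /var/tmp/nginx.rss
if [ -n "${LH_FLUSH_DEMO:-}" ]; then
    printf '%s\n' "$SAMPLE_KERNEL_LOG" | oom_kills
fi
```

On the constructed log the counter reports nginx twice and haproxy once; the systemd line in between is deliberately ignored so each OOM event is counted once from the kernel's own record. Reset the RSS sample file whenever the service is restarted, otherwise the drop at the restart masks the growth that preceded it.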
🔗 References
- https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
- https://security.gentoo.org/glsa/202210-02
- https://security.netapp.com/advisory/ntap-20220602-0009/
- https://www.openssl.org/news/secadv/20220503.txt