CVE-2022-1473

Resource leakage when decoding certificates and keys

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).

La función OPENSSL_LH_flush(), que vacía una tabla hash, contiene un error que rompe el reúso de la memoria ocupada por las entradas de la tabla hash eliminadas. Esta función es usado cuando son descodificados certificados o claves. Si un proceso de larga duración decodifica periódicamente certificados o claves, su uso de memoria será expandida sin límites y el proceso podría ser terminado por el sistema operativo causando una denegación de servicio. Además, recorrer las entradas vacías de la tabla hash llevará cada vez más tiempo. Normalmente, estos procesos de larga duración pueden ser clientes TLS o servidores TLS configurados para aceptar la autenticación de certificados de clientes. La función fue añadida en la versión 3.0 de OpenSSL, por lo que las versiones anteriores no están afectadas por el problema. Corregido en OpenSSL versión 3.0.3 (Afectado 3.0.0,3.0.1,3.0.2)

A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously to trigger this vulnerability, resulting in a loss of application availability.

*Credits: Aliaksei Levin

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-26 CVE Reserved
2022-05-03 CVE Published
2023-12-23 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime
CWE-459: Incomplete Cleanup

CAPEC

References (7)

URL	Tag	Source
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
https://security.netapp.com/advisory/ntap-20220602-0009	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://security.gentoo.org/glsa/202210-02	2023-11-07
https://www.openssl.org/news/secadv/20220503.txt	2023-11-07
https://access.redhat.com/security/cve/CVE-2022-1473	2022-08-30
https://bugzilla.redhat.com/show_bug.cgi?id=2087913	2022-08-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netapp Search vendor "Netapp"	A700s Firmware Search vendor "Netapp" for product "A700s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	A700s Search vendor "Netapp" for product "A700s"	-	-	Safe
Netapp Search vendor "Netapp"	H300s Firmware Search vendor "Netapp" for product "H300s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H300s Search vendor "Netapp" for product "H300s"	-	-	Safe
Netapp Search vendor "Netapp"	H500s Firmware Search vendor "Netapp" for product "H500s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H500s Search vendor "Netapp" for product "H500s"	-	-	Safe
Netapp Search vendor "Netapp"	H700s Firmware Search vendor "Netapp" for product "H700s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H700s Search vendor "Netapp" for product "H700s"	-	-	Safe
Netapp Search vendor "Netapp"	H300e Firmware Search vendor "Netapp" for product "H300e Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H300e Search vendor "Netapp" for product "H300e"	-	-	Safe
Netapp Search vendor "Netapp"	H500e Firmware Search vendor "Netapp" for product "H500e Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H500e Search vendor "Netapp" for product "H500e"	-	-	Safe
Netapp Search vendor "Netapp"	H700e Firmware Search vendor "Netapp" for product "H700e Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H700e Search vendor "Netapp" for product "H700e"	-	-	Safe
Netapp Search vendor "Netapp"	H410s Firmware Search vendor "Netapp" for product "H410s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H410s Search vendor "Netapp" for product "H410s"	-	-	Safe
Netapp Search vendor "Netapp"	Aff 8300 Firmware Search vendor "Netapp" for product "Aff 8300 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Aff 8300 Search vendor "Netapp" for product "Aff 8300"	-	-	Safe
Netapp Search vendor "Netapp"	Fas 8300 Firmware Search vendor "Netapp" for product "Fas 8300 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Fas 8300 Search vendor "Netapp" for product "Fas 8300"	-	-	Safe
Netapp Search vendor "Netapp"	Aff 8700 Firmware Search vendor "Netapp" for product "Aff 8700 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Aff 8700 Search vendor "Netapp" for product "Aff 8700"	-	-	Safe
Netapp Search vendor "Netapp"	Fas 8700 Firmware Search vendor "Netapp" for product "Fas 8700 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Fas 8700 Search vendor "Netapp" for product "Fas 8700"	-	-	Safe
Netapp Search vendor "Netapp"	Aff A400 Firmware Search vendor "Netapp" for product "Aff A400 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Aff A400 Search vendor "Netapp" for product "Aff A400"	-	-	Safe
Netapp Search vendor "Netapp"	Fabric-attached Storage A400 Firmware Search vendor "Netapp" for product "Fabric-attached Storage A400 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Fabric-attached Storage A400 Search vendor "Netapp" for product "Fabric-attached Storage A400"	-	-	Safe
Netapp Search vendor "Netapp"	A250 Firmware Search vendor "Netapp" for product "A250 Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	A250 Search vendor "Netapp" for product "A250"	-	-	Safe
Netapp Search vendor "Netapp"	Aff 500f Firmware Search vendor "Netapp" for product "Aff 500f Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Aff 500f Search vendor "Netapp" for product "Aff 500f"	-	-	Safe
Netapp Search vendor "Netapp"	Fas 500f Firmware Search vendor "Netapp" for product "Fas 500f Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	Fas 500f Search vendor "Netapp" for product "Fas 500f"	-	-	Safe
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 3.0.0 < 3.0.3 Search vendor "Openssl" for product "Openssl" and version " >= 3.0.0 < 3.0.3"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vsphere		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				-		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Antivirus Connector Search vendor "Netapp" for product "Clustered Data Ontap Antivirus Connector"				-		-		Affected
Netapp Search vendor "Netapp"		Santricity Smi-s Provider Search vendor "Netapp" for product "Santricity Smi-s Provider"				-		-		Affected
Netapp Search vendor "Netapp"		Smi-s Provider Search vendor "Netapp" for product "Smi-s Provider"				-		-		Affected
Netapp Search vendor "Netapp"		Snapmanager Search vendor "Netapp" for product "Snapmanager"				-		hyper-v		Affected
Netapp Search vendor "Netapp"		Solidfire\, Enterprise Sds \& Hci Storage Node Search vendor "Netapp" for product "Solidfire\, Enterprise Sds \& Hci Storage Node"				-		-		Affected
Netapp Search vendor "Netapp"		Solidfire \& Hci Management Node Search vendor "Netapp" for product "Solidfire \& Hci Management Node"				-		-		Affected