NVD - CVE-2022-0778 (original) (raw)
CVE-2022-0778 Detail
Description
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD
N/A
NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
NIST: NVD
Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ADP: CISA-ADP
Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0 Severity and Vector Strings:
NIST: NVD
Base Score: 5.0 MEDIUM
Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].
Weakness Enumeration
| CWE-ID | CWE Name | Source |
|---|---|---|
| CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | NIST CISA-ADP |
Known Affected Software Configurations Switch to CPE 2.2
CPEs loading, please wait.
Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.
Change History
33 change records found show changes
CVE Modified by siemens-SADP 6/17/2026 12:21:13 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | Record truncated, showing 2048 of 112201 characters. View Entire Change Record [{"vendor":"Siemens","product":"BFCClient","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V2.17","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"Industrial Edge - OPC UA Connector","defaultStatus":"unknown","versions":[{"version":"All versions < V1.7","status":"affected"}]},{"vendor":"Siemens","product":"Industrial Edge - SIMATIC S7 Connector App","defaultStatus":"unknown","versions":[{"version":"All versions < V1.7","status":"affected"}]},{"vendor":"Siemens","product":"OpenPCS 7 V8.2","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"OpenPCS 7 V9.0","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"OpenPCS 7 V9.1","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"RUGGEDCOM CROSSBOW Station Access Controller (SAC)","defaultStatus":"unknown","versions":[{"version":"All versions only when running on ROX II < V2.15.1","status":"affected"}]},{"vendor":"Siemens","product":"RUGGEDCOM RM1224 LTE(4G) EU","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V7.2","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"RUGGEDCOM RM1224 LTE(4G) NAM","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V7.2","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"RUGGEDCOM ROX MX5000","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V2.15.1","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"RUGGEDCOM ROX MX5000RE","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V2.15.1","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"RUGGEDCOM ROX RX1400","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V2.15.1","versionType":"custom","status":"aff |
CVE Modified by CISA-ADP 6/17/2026 12:21:13 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | SSVC | {"timestamp":"2026-05-22T13:27:14.476267Z","id":"CVE-2022-0778","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"} |
CVE Modified by OpenSSL Software Foundation 6/17/2026 12:21:13 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Affected | [{"vendor":"OpenSSL","product":"OpenSSL","versions":[{"version":"Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)","status":"affected"},{"version":"Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)","status":"affected"},{"version":"Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)","status":"affected"}]}] |
CVE Modified by CISA-ADP 5/22/2026 10:16:19 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |
| Added | CWE | CWE-835 |
CVE Modified by siemens-SADP 4/14/2026 6:16:21 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://cert-portal.siemens.com/productcert/html/ssa-019200.html | |
| Added | Reference | https://cert-portal.siemens.com/productcert/html/ssa-028723.html | |
| Added | Reference | https://cert-portal.siemens.com/productcert/html/ssa-108696.html | |
| Added | Reference | https://cert-portal.siemens.com/productcert/html/ssa-398330.html | |
| Added | Reference | https://cert-portal.siemens.com/productcert/html/ssa-712929.html |
CVE Modified by CVE 11/21/2024 1:39:22 AM
CVE Modified by OpenSSL Software Foundation 6/21/2024 3:15:21 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240621-0006/ [No types assigned] |
CVE Modified by OpenSSL Software Foundation 5/14/2024 5:53:27 AM
| Action | Type | Old Value | New Value |
|---|
CVE Modified by OpenSSL Software Foundation 11/06/2023 10:41:33 PM
Modified Analysis by NIST 11/09/2022 3:43:44 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | Reference Type | https://security.gentoo.org/glsa/202210-02 No Types Assigned | https://security.gentoo.org/glsa/202210-02 Third Party Advisory |
CVE Modified by OpenSSL Software Foundation 10/16/2022 1:15:15 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://security.gentoo.org/glsa/202210-02 [No Types Assigned] |
Modified Analysis by NIST 8/29/2022 4:26:36 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | OR *cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (including) 12.0.0 up to (including) 12.12.0 *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 12.13.0 up to (excluding) 12.22.11 *cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (excluding) 14.0.0 up to (including) 14.14.0 *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 14.15.0 up to (excluding) 14.19.1 *cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (excluding) 16.0.0 up to (including) 16.12.0 *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 16.13.0 up to (excluding) 16.14.2 *cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (excluding) 17.0.0 up to (excluding) 17.7.2 | |
| Changed | Reference Type | http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN\_mod\_sqrt-Infinite-Loop.html Third Party Advisory | http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN\_mod\_sqrt-Infinite-Loop.html Third Party Advisory, VDB Entry |
| Changed | Reference Type | http://seclists.org/fulldisclosure/2022/May/33 Third Party Advisory | http://seclists.org/fulldisclosure/2022/May/33 Mailing List, Third Party Advisory |
| Changed | Reference Type | http://seclists.org/fulldisclosure/2022/May/35 Third Party Advisory | http://seclists.org/fulldisclosure/2022/May/35 Mailing List, Third Party Advisory |
| Changed | Reference Type | http://seclists.org/fulldisclosure/2022/May/38 Third Party Advisory | http://seclists.org/fulldisclosure/2022/May/38 Mailing List, Third Party Advisory |
| Changed | Reference Type | https://www.oracle.com/security-alerts/cpujul2022.html No Types Assigned | https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory |
CVE Modified by OpenSSL Software Foundation 7/25/2022 2:19:17 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.oracle.com/security-alerts/cpujul2022.html [No Types Assigned] |
Modified Analysis by NIST 7/18/2022 2:47:38 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | CPE Configuration | OR *cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | OR *cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
| Added | CPE Configuration | OR *cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from (including) 10.2.0 up to (excluding) 10.2.42 *cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from (including) 10.3.0 up to (excluding) 10.3.33 *cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from (including) 10.4.0 up to (excluding) 10.4.23 *cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from (including) 10.5.0 up to (excluding) 10.5.14 *cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from (including) 10.6.0 up to (excluding) 10.6.6 *cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* versions from (including) 10.7.0 up to (excluding) 10.7.2 | |
| Added | CPE Configuration | OR *cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:* versions up to (excluding) 8.15.4 *cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:* versions from (including) 10.0.0 up to (excluding) 10.1.2 | |
| Changed | Reference Type | http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN\_mod\_sqrt-Infinite-Loop.html No Types Assigned | http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN\_mod\_sqrt-Infinite-Loop.html Third Party Advisory |
| Changed | Reference Type | http://seclists.org/fulldisclosure/2022/May/33 No Types Assigned | http://seclists.org/fulldisclosure/2022/May/33 Third Party Advisory |
| Changed | Reference Type | http://seclists.org/fulldisclosure/2022/May/35 No Types Assigned | http://seclists.org/fulldisclosure/2022/May/35 Third Party Advisory |
| Changed | Reference Type | http://seclists.org/fulldisclosure/2022/May/38 No Types Assigned | http://seclists.org/fulldisclosure/2022/May/38 Third Party Advisory |
| Changed | Reference Type | https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf No Types Assigned | https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf Third Party Advisory |
| Changed | Reference Type | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/ No Types Assigned | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/ Mailing List, Third Party Advisory |
| Changed | Reference Type | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/ Mailing List | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/ Mailing List, Third Party Advisory |
| Changed | Reference Type | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/ No Types Assigned | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/ Mailing List, Third Party Advisory |
| Changed | Reference Type | https://security.netapp.com/advisory/ntap-20220429-0005/ No Types Assigned | https://security.netapp.com/advisory/ntap-20220429-0005/ Third Party Advisory |
| Changed | Reference Type | https://support.apple.com/kb/HT213255 No Types Assigned | https://support.apple.com/kb/HT213255 Third Party Advisory |
| Changed | Reference Type | https://support.apple.com/kb/HT213256 No Types Assigned | https://support.apple.com/kb/HT213256 Third Party Advisory |
| Changed | Reference Type | https://support.apple.com/kb/HT213257 No Types Assigned | https://support.apple.com/kb/HT213257 Third Party Advisory |
| Changed | Reference Type | https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned | https://www.oracle.com/security-alerts/cpuapr2022.html Third Party Advisory |
| Changed | Reference Type | https://www.tenable.com/security/tns-2022-06 No Types Assigned | https://www.tenable.com/security/tns-2022-06 Third Party Advisory |
| Changed | Reference Type | https://www.tenable.com/security/tns-2022-07 No Types Assigned | https://www.tenable.com/security/tns-2022-07 Third Party Advisory |
| Changed | Reference Type | https://www.tenable.com/security/tns-2022-08 No Types Assigned | https://www.tenable.com/security/tns-2022-08 Third Party Advisory |
| Changed | Reference Type | https://www.tenable.com/security/tns-2022-09 No Types Assigned | https://www.tenable.com/security/tns-2022-09 Third Party Advisory |
CVE Modified by OpenSSL Software Foundation 6/14/2022 6:15:18 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 6/02/2022 10:15:32 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN\_mod\_sqrt-Infinite-Loop.html [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 5/17/2022 3:15:20 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | http://seclists.org/fulldisclosure/2022/May/33 [No Types Assigned] | |
| Added | Reference | http://seclists.org/fulldisclosure/2022/May/35 [No Types Assigned] | |
| Added | Reference | http://seclists.org/fulldisclosure/2022/May/38 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 5/16/2022 4:15:14 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://support.apple.com/kb/HT213255 [No Types Assigned] | |
| Added | Reference | https://support.apple.com/kb/HT213256 [No Types Assigned] | |
| Added | Reference | https://support.apple.com/kb/HT213257 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 4/29/2022 10:15:08 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://security.netapp.com/advisory/ntap-20220429-0005/ [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 4/20/2022 2:15:10 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.tenable.com/security/tns-2022-09 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 4/19/2022 8:16:39 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.oracle.com/security-alerts/cpuapr2022.html [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 4/06/2022 4:15:09 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.tenable.com/security/tns-2022-08 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 4/04/2022 10:15:07 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/ [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 4/02/2022 11:15:07 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/ [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 3/31/2022 7:15:07 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.tenable.com/security/tns-2022-07 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 3/30/2022 7:15:08 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.tenable.com/security/tns-2022-06 [No Types Assigned] |
Modified Analysis by NIST 3/30/2022 12:01:58 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | CPE Configuration | OR *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (excluding) 1.0.2zd *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (excluding) 1.1.1n *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.0.2 | OR *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (excluding) 1.0.2zd *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.0 up to (excluding) 1.1.1n *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.0.2 |
| Added | CPE Configuration | OR *cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | |
| Changed | Reference Type | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/ No Types Assigned | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/ Mailing List |
| Changed | Reference Type | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002 No Types Assigned | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002 Third Party Advisory |
CVE Modified by OpenSSL Software Foundation 3/22/2022 7:15:07 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002 [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 3/22/2022 2:15:12 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://lists.fedoraproject.org/archives/list/[\[email protected]](/cdn-cgi/l/email-protection)/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/ [No Types Assigned] |
Initial Analysis by NIST 3/21/2022 12:51:52 PM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CVSS V3.1 | NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |
| Added | CVSS V2 | NIST (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |
| Added | CWE | NIST CWE-835 | |
| Added | CPE Configuration | AND OR *cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:* | |
| Added | CPE Configuration | AND OR *cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:* | |
| Added | CPE Configuration | OR *cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:* | |
| Added | CPE Configuration | OR *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (excluding) 1.0.2zd *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (excluding) 1.1.1n *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.0.2 | |
| Added | CPE Configuration | OR *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | |
| Changed | Reference Type | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65 No Types Assigned | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65 Mailing List, Patch, Vendor Advisory |
| Changed | Reference Type | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83 No Types Assigned | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83 Broken Link |
| Changed | Reference Type | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246 No Types Assigned | https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246 Mailing List, Patch, Vendor Advisory |
| Changed | Reference Type | https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html No Types Assigned | https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html Mailing List, Third Party Advisory |
| Changed | Reference Type | https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html No Types Assigned | https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html Mailing List, Third Party Advisory |
| Changed | Reference Type | https://security.netapp.com/advisory/ntap-20220321-0002/ No Types Assigned | https://security.netapp.com/advisory/ntap-20220321-0002/ Third Party Advisory |
| Changed | Reference Type | https://www.debian.org/security/2022/dsa-5103 No Types Assigned | https://www.debian.org/security/2022/dsa-5103 Third Party Advisory |
| Changed | Reference Type | https://www.openssl.org/news/secadv/20220315.txt No Types Assigned | https://www.openssl.org/news/secadv/20220315.txt Vendor Advisory |
CVE Modified by OpenSSL Software Foundation 3/21/2022 11:15:07 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://security.netapp.com/advisory/ntap-20220321-0002/ [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 3/17/2022 8:15:08 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html [No Types Assigned] | |
| Added | Reference | https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html [No Types Assigned] |
CVE Modified by OpenSSL Software Foundation 3/16/2022 7:15:08 AM
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Reference | https://www.debian.org/security/2022/dsa-5103 [No Types Assigned] |
Quick Info
CVE Dictionary Entry:
CVE-2022-0778
NVD Published Date:
03/15/2022
NVD Last Modified:
06/17/2026
Source:
OpenSSL Software Foundation