CVE-2022-0778

high

Published 2022-03-15 · Modified 2022-06-30

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.5

Description

RHSA-2022:5326: compat-openssl10 security update (Low)

Predictions

Exploit likelihood

83%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact

Fedora Affected 2 releases

Version	Status	Fixed in
36	Affected	—
34	Affected	—

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Mixed 8 releases

Version	Status	Fixed in
trixie	Fixed	`1.1.1n-1`
sid	Fixed	`1.1.1n-1`
forky	Fixed	`1.1.1n-1`
bullseye	Fixed	`1.1.1k-1+deb11u2`
bookworm	Fixed	`1.1.1n-1`
11.0	Affected	—
10.0	Affected	—
9.0	Affected	—

Red Hat Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

Rocky Linux Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

Package impact

Ecosystem	Package	Vulnerable	Fixed
crates.io	openssl-src
crates.io	openssl-src	`>=300.0.0,<300.0.5`	`300.0.5`
crates.io	openssl-src	`<111.18.0`	`111.18.0`

Application impact

Vendor	Product	Versions	Fixed
openssl	openssl	`{"startIncluding":"1.0.2","endExcluding":"1.0.2zd"}`	`1.0.2zd`
netapp	cloud_volumes_ontap_mediator	`-`
netapp	clustered_data_ontap	`-`
netapp	clustered_data_ontap_antivirus_connector	`-`
netapp	santricity_smi-s_provider	`-`
netapp	storagegrid	`-`
tenable	nessus	`{"endExcluding":"8.15.4"}`	`8.15.4`
mariadb	mariadb	`{"startIncluding":"10.2.0","endExcluding":"10.2.42"}`	`10.2.42`
nodejs	node.js	`{"startIncluding":"12.0.0","endIncluding":"12.12.0"}`
mariadb	mariadb	`{"startIncluding":"10.3.0","endExcluding":"10.3.33"}`	`10.3.33`
mariadb	mariadb	`{"startIncluding":"10.4.0","endExcluding":"10.4.23"}`	`10.4.23`
mariadb	mariadb	`{"startIncluding":"10.5.0","endExcluding":"10.5.14"}`	`10.5.14`
mariadb	mariadb	`{"startIncluding":"10.6.0","endExcluding":"10.6.6"}`	`10.6.6`
mariadb	mariadb	`{"startIncluding":"10.7.0","endExcluding":"10.7.2"}`	`10.7.2`

References

CWEs

CWE-835

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.