CVE-2022-0778 - Infinite loop in BN_mod_sqrt() reachable when parsing certificates
21226
09 May 2023
27 September 2022
CLOSED
LOW
Base Score: 7.5 - HIGH - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
N/A
CVE-2022-0778
Summary
Security Advisory ID: BSA-2022-1752
Component: OpenSSL
Revision: 2.0
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. More information is at https://www.openssl.org/news/secadv/20220315.txt
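The failure mode in generic form, as an added example that is not OpenSSL's or Broadcom's code: a Tonelli-Shanks modular square root in which every loop carries an explicit bound, so a non-prime modulus ends in an error rather than a loop that never finishes. The names `mod_sqrt`, `euler`, `NotPrimeModulus` and the `MAX_Z_TRIES` cap are assumptions made for this illustration.

```python
# Added example: generic Tonelli-Shanks, not OpenSSL's BN_mod_sqrt() source.
MAX_Z_TRIES = 256  # assumed cap; a prime modulus has a small non-residue


class NotPrimeModulus(ValueError):
    """Raised when an invariant that holds for every odd prime p fails."""


def euler(a, p):
    """a^((p-1)/2) mod p: 1 or p-1 when p is prime; any other value proves p composite."""
    r = pow(a, (p - 1) // 2, p)
    if r not in (1, p - 1):
        raise NotPrimeModulus(f"Euler criterion gave {r} for modulus {p}")
    return r


def mod_sqrt(a, p):
    """Return x with x*x % p == a % p, or None if a is a non-residue (odd prime p)."""
    if p < 3 or p % 2 == 0:
        raise NotPrimeModulus("modulus must be an odd prime")
    a %= p
    if a == 0:
        return 0
    if euler(a, p) != 1:
        return None
    q, e = p - 1, 0
    while q % 2 == 0:                    # p - 1 = q * 2^e with q odd
        q, e = q // 2, e + 1
    for z in range(2, 2 + MAX_Z_TRIES):  # bounded search for a non-residue z
        if euler(z, p) == p - 1:
            break
    else:
        raise NotPrimeModulus("no quadratic non-residue found within the cap")
    c, x, t = pow(z, q, p), pow(a, (q + 1) // 2, p), pow(a, q, p)
    while t != 1:                        # e strictly decreases: at most e passes
        i, t2 = 0, t
        while t2 != 1:                   # least i with t^(2^i) == 1, must be < e
            i += 1
            if i == e:                   # impossible for prime p: stop, do not spin
                raise NotPrimeModulus("order of t exceeds 2^(e-1)")
            t2 = t2 * t2 % p
        b = pow(c, 1 << (e - i - 1), p)
        x, c, e = x * b % p, b * b % p, i
        t = t * c % p
    return x
```
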
Affected Products
- Brocade Active Support Connectivity Gateway (ASC-G) before v2.1.0 OVA.
- Brocade Fabric OS 8.x and 9.x.
Products Confirmed Not Vulnerable
- Brocade SANnav
No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.
Solution
A security update is provided in Brocade Fabric OS v9.1.1, v9.0.1e, v9.2.0, and v8.2.3d, and in the Brocade ASCG 2.1 OVA image.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | Sept 27, 2022 |
1.1 | Affected products updated | Oct 6, 2022 |
2.0 | Fabric OS Status update, Solution update | May 8, 2023 |