CVE-2022-1292

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-1292
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1292.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-1292
Downstream
Related
Published
2022-05-03T16:15:18Z
Modified
2025-09-30T04:41:19.554327Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the crehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
89cd17a031e022211684eb7eb41190cf1910f9fa
Fixed
4d346a188c27bdf78aa76590c641e1217732ca4b

Affected versions

openssl-3.*

openssl-3.0.0
openssl-3.0.1
openssl-3.0.2