Vulnerability CVE-2022-4450 - CERT Civis.Net

Vulnerability Name:

CVE-2022-4450 (CCN-246615)

Assigned:

2022-12-13

Published:

2023-02-07

Updated:

2023-07-19

Summary:

OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEM_read_bio_ex() function. By sending specially crafted PEM files for parsing, a remote attacker could exploit this vulnerability to cause the system to crash.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2022-4450

Source: XF
Type: UNKNOWN
openssl-cve20224450-dos(246615)

Source: openssl-security@openssl.org
Type: Patch, Vendor Advisory
openssl-security@openssl.org

Source: openssl-security@openssl.org
Type: Patch, Vendor Advisory
openssl-security@openssl.org

Source: CCN
Type: Packet Storm Security [02-08-2023]
OpenSSL Toolkit 1.1.1t

Source: CCN
Type: Packet Storm Security [02-08-2023]
OpenSSL Toolkit 3.0.8

Source: CCN
Type: Packet Storm Security [02-07-2023]
OpenSSL Security Advisory 20230207

Source: CCN
Type: IBM Security Bulletin 6959033 (Business Automation Workflow traditional)
Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor

Source: CCN
Type: IBM Security Bulletin 6959973 (Sterling Connect:Express for UNIX)
IBM Sterling Connect:Express for UNIX is vulnerable to denial of service due to OpenSSL (CVE-2022-4450)

Source: CCN
Type: IBM Security Bulletin 6960511 (DataPower Gateway)
IBM DataPower Gateway potentially vulnerable to Denial of Service (CVE-2022-4450)

Source: CCN
Type: IBM Security Bulletin 6960753 (Aspera faspio Gateway)
IBM Aspera faspio Gateway 1.3.2 has addressed multiple openssl vulnerabilities (CVE-2023-0401, CVE-2022-4203, CVE-2022-4304, CVE-2023-0216, CVE-2023-0215, CVE-2022-4450, CVE-2023-0217, CVE-2023-0286)

Source: CCN
Type: IBM Security Bulletin 6962773 (QRadar WinCollect Agent)
IBM QRadar WinCollect agent has multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6963622 (Watson Explorer)
IBM Watson Explorer affected by vulnerability in OpenSSL.

Source: CCN
Type: IBM Security Bulletin 6963634 (App Connect Enterprise)
Multiple vulnerabilities within OpenSSL and Node.js affect IBM App Connect Enterprise and IBM Integration Bus

Source: CCN
Type: IBM Security Bulletin 6963784 (Spectrum Protect Client)
Vulnerabilites in OpenSSL may affect IBM Spectrum Protect Backup-Archive Client (CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217)

Source: CCN
Type: IBM Security Bulletin 6964854 (AIX)
Multiple vulnerabilities in OpenSSL affect AIX

Source: CCN
Type: IBM Security Bulletin 6965816 (Spectrum Protect Plus)
Vulnerabilities in Node.js, libcurl, Golang Go, Jetty, Guava, Netty, OpenSSL, Linux kernel may affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6967701 (z/Transaction Processing Facility)
z/Transaction Processing Facility is affected by multiple OpenSSL vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6983555 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Source: CCN
Type: IBM Security Bulletin 6984697 (MobileFirst Foundation)
OpenSSL publicly disclosed vulnerability affects IBM? MobileFirst Platform

Source: CCN
Type: IBM Security Bulletin 6985599 (Safer Payments)
Multiple publicly disclosed OpenSSL vulnerabilities affect IBM Safer Payments

Source: CCN
Type: IBM Security Bulletin 6986323 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libcurl, openssl, gnutls, libarchive and libsepol

Source: CCN
Type: IBM Security Bulletin 6986567 (MQ Appliance)
IBM MQ Appliance affected by multiple OpenSSL vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6987063 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to [CVE-2022-4450]

Source: CCN
Type: IBM Security Bulletin 6988351 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6989163 (i)
OpenSSL for IBM i is vulnerable to denial of service attacks and the ability for remote attacker to obtain sensitive information due to multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6989193 (CICS TX Advanced)
CVE-2022-45142, CVE-2022-4304, CVE-2022-4450 and CVE-2023-0215 may affect IBM CICS TX Advanced 10.1

Source: CCN
Type: IBM Security Bulletin 6998707 (Power HMC)
Vulnerability in OpenSSL (CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 and CVE-2023-0286 ) affects Power HMC

Source: CCN
Type: IBM Security Bulletin 6998727 (Cloud Pak for Automation)
Security vulnerabilities are addressed with IBM Cloud Pak for Business

Source: CCN
Type: IBM Security Bulletin 6998753 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: OpenSSL Security Advisory [7th February 2023]
Double free after calling PEM_read_bio_ex (CVE-2022-4450)

Source: openssl-security@openssl.org
Type: Vendor Advisory
openssl-security@openssl.org

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openssl:openssl:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:openssl:openssl:3.0.0:*:*:*:*:*:*:*

AND

cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_connect:express:1.5.0:*:*:*:unix:*:*:*

OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:11.0.0.1:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.0.4.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_client:8.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*

OR cpe:/a:ibm:app_connect_enterprise_certified_container:6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.1.0.00:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.2.0.00:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.3.0.00:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.3.1.03:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.4.0.00:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.4.2.02:*:*:*:*:*:*:*

OR cpe:/a:ibm:safer_payments:6.5.0.00:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7631	P	libopenssl-3-devel-3.0.8-150500.3.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7630	P	libopenssl-1_1-devel-1.1.1l-150500.15.4 on GA media (Moderate)	2023-06-12
oval:com.redhat.rhsa:def:20231405	P	RHSA-2023:1405: openssl security update (Important)	2023-03-22
oval:com.redhat.rhsa:def:20230946	P	RHSA-2023:0946: openssl security and bug fix update (Important)	2023-03-21
oval:org.opensuse.security:def:51998	P	Security update for openssl-1_1 (Important)	2023-02-07