CVE & CISA-KEV Catalog

CVE-2022-3358

HIGHEPSS 85th pctl
7.5
CVSS v3
NVD

Description

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).

How to fix

Remediation Available
opensslDebian
Fixed in:3.0.7-1CVE-2022-3358
Fixed in:3.0.7-1CVE-2022-3358
Fixed in:3.0.7-1CVE-2022-3358
opensslRed Hat / RHEL
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
opensslRocky
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-debuginfoRed Hat / RHEL
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-debuginfoRocky
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-debugsourceRed Hat / RHEL
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-debugsourceRocky
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-develRed Hat / RHEL
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-develRocky
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-libsRed Hat / RHEL
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-libsRocky
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-libs-debuginfoRed Hat / RHEL
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-libs-debuginfoRocky
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-perlRed Hat / RHEL
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
openssl-perlRocky
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
Fixed in:1:3.0.7-6.el9_2RHSA-2023:2523
libssl3Ubuntu
Fixed in:3.0.2-0ubuntu1.7USN-5710-1
Fixed in:3.0.5-2ubuntu2USN-5710-1
opensslUbuntu
Fixed in:3.0.2-0ubuntu1.7USN-5710-1
Fixed in:3.0.5-2ubuntu2USN-5710-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

2.85%probability of exploitation in 30 days
85thpercentile

Elevated risk: more likely to be exploited than 85% of all known CVEs.

References

Related Vulnerabilities

Other CWE-476 (NULL Pointer Dereference) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-21758High7.592%-Fix
CVE-2023-21547High7.588%-Fix
CVE-2014-3470Medium4.386%-Fix
CVE-2021-44224High8.282%-Fix
CVE-2016-0742High7.582%-Fix
CVE-2009-1386Medium5.080%-Fix
Embed a live status badge for CVE-2022-3358
CVE-2022-3358 severity badge

Markdown

[![CVE-2022-3358](https://tridentstack.com/cve/badge/CVE-2022-3358.svg)](https://tridentstack.com/cve/CVE-2022-3358)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-3358"><img src="https://tridentstack.com/cve/badge/CVE-2022-3358.svg" alt="CVE-2022-3358"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.