CVE-2022-2068

一、漏洞信息
 漏洞编号：[CVE-2022-2068](https://nvd.nist.gov/vuln/detail/CVE-2022-2068)
 漏洞归属组件：[compat-openssl11](https://gitee.com/src-openeuler/compat-openssl11)
 漏洞归属的版本：1.1.1m
 CVSS V3.0分值：
  BaseScore：7.3 High
  Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
 漏洞简述：
  In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
 漏洞公开时间：2022-06-21 23:15
 漏洞创建时间：2025-11-13 17:18:57
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2022-2068
<details>
<summary>更多参考(点击展开)</summary>

无
</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

无
</details>

二、漏洞分析结构反馈
 影响性分析说明：
  In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
 openEuler评分：
  7.3
 Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.master(1.1.1m):不受影响
2.openEuler-20.03-LTS-SP4:不受影响
3.openEuler-22.03-LTS-SP3:不受影响
4.openEuler-22.03-LTS-SP4:不受影响
5.openEuler-24.03-LTS(1.1.1m):不受影响
6.openEuler-24.03-LTS-Next(1.1.1m):不受影响
7.openEuler-24.03-LTS-SP1(1.1.1m):不受影响
8.openEuler-24.03-LTS-SP2(1.1.1m):不受影响
9.openEuler-24.03-LTS-SP3(1.1.1m):不受影响

修复是否涉及abi变化(是/否)：
  1.master(1.1.1m):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS-SP3:否
4.openEuler-22.03-LTS-SP4:否
5.openEuler-24.03-LTS(1.1.1m):否
6.openEuler-24.03-LTS-Next(1.1.1m):否
7.openEuler-24.03-LTS-SP1(1.1.1m):否
8.openEuler-24.03-LTS-SP2(1.1.1m):否
9.openEuler-24.03-LTS-SP3(1.1.1m):否

原因说明：
  1.master(1.1.1m):不受影响-漏洞代码不存在
2.openEuler-20.03-LTS-SP4:不受影响-漏洞代码不存在
3.openEuler-22.03-LTS-SP3:不受影响-漏洞代码不存在
4.openEuler-22.03-LTS-SP4:不受影响-漏洞代码不存在
5.openEuler-24.03-LTS(1.1.1m):不受影响-漏洞代码不存在
6.openEuler-24.03-LTS-Next(1.1.1m):不受影响-漏洞代码不存在
7.openEuler-24.03-LTS-SP1(1.1.1m):不受影响-漏洞代码不存在
8.openEuler-24.03-LTS-SP2(1.1.1m):不受影响-漏洞代码不存在
9.openEuler-24.03-LTS-SP3(1.1.1m):不受影响-漏洞代码不存在

src-openEuler/compat-openssl11

内容风险标识

评论 (12)

src-openEuler/compat-openssl11 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2022-2068

评论 (12)

搜索帮助

src-openEuler/compat-openssl11