SB2022040205 - Denial of service in FortiAnalyzer OpenSSL library

Published: April 2, 2022 Updated: May 3, 2022

Security Bulletin ID: SB2022040205
Severity: Medium
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Infinite loop (CVE-ID: CVE-2022-0778)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains an elliptic curve public key in compressed form, or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to a TLS server or client, consume all available system resources and cause denial of service conditions.
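The root cause above is a modular square root that does not terminate when asked to decompress a point whose x-coordinate gives a quadratic non-residue. The following is an added illustration, not OpenSSL's or the vendor's code: a Tonelli-Shanks mod_sqrt() with the termination guards a decompression routine needs, applied to a toy curve whose parameters are constructed here.

```python
# Added example (not OpenSSL code): a square root mod an odd prime p that
# returns None instead of spinning when the input has no root, which is the
# input class that made the unpatched BN_mod_sqrt() loop forever.

def legendre(a: int, p: int) -> int:
    """Euler's criterion: 1 if a is a non-zero square mod p, p-1 if not, 0 if a == 0."""
    return pow(a % p, (p - 1) // 2, p)

def mod_sqrt(a: int, p: int):
    """Return r with r*r == a (mod p) for an odd prime p, or None if no root exists."""
    a %= p
    if a == 0:
        return 0
    if legendre(a, p) != 1:
        return None                        # non-residue: reject up front, never loop on it
    if p % 4 == 3:
        r = pow(a, (p + 1) // 4, p)        # closed form, no loop at all
        return r if r * r % p == a else None
    q, s = p - 1, 0                        # write p-1 = q * 2^s with q odd
    while q % 2 == 0:
        q //= 2
        s += 1
    z = next((z for z in range(2, p) if legendre(z, p) == p - 1), None)
    if z is None:
        return None                        # no non-residue found: p is not prime
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:                     # least i with t^(2^i) == 1
            t2 = t2 * t2 % p
            i += 1
            if i >= m:                     # only reachable for a non-residue or composite p
                return None
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    return r if r * r % p == a else None   # final check catches a bogus modulus

def decompress_point(x: int, sign_bit: int, p: int, a: int, b: int):
    """Recover (x, y) on y^2 = x^3 + a*x + b over GF(p) from x and the parity of y.
    Returns None when x is not on the curve instead of hanging."""
    rhs = (pow(x, 3, p) + a * x + b) % p
    y = mod_sqrt(rhs, p)
    if y is None:
        return None
    if y % 2 != sign_bit:
        y = p - y
    return (x, y)
```

The toy curve y^2 = x^3 + x + 1 over GF(13) is constructed for the test only; x = 2 is not on that curve, so decompression must fail cleanly rather than loop.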


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.