Vulnerability identifier: #VU61391

Vulnerability risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0778

CWE-ID: CWE-835

Exploitation vector: Network

Exploits in database: 4

• April 21, 2022
  • CVE-2022-0778 (Proof of concept for CVE-2022-0778 in P12 and PEM format) [Github]
• April 18, 2022
  • CVE-2022-0778-POC () [Github]
• April 5, 2022
  • cve-2022-0778 () [Github]
• March 16, 2022
  • CVE-2022-0778 (Proof of concept for CVE-2022-0778, which triggers an infinite loop in parsing X.509 certificates due to a bug in BN_mod_sqrt) [Github]

Impact: Denial of service

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation