Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2022-3358 — NULL Pointer Dereference in OpenSSL
Severity
7.5 HIGH (NVD)
EPSS
19.5%
top 4.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 11
Latest update: Sep 4
Description
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and de…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 7 packages
Vulnerability Details (6)
OSV
CVE-2022-3358: OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls (2022-10-11)
Exploits & PoCs (1)
Vendor Advisories (4)
Debian
CVE-2022-3358: openssl - OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() f... (2022)