tnozaki / NetBSD / issues / #287 - [tnozaki-openssl] CVE-2022-0778: The BN_mod_sqrt() function contains a bug that can cause it to loop forever for non-prime moduli — Bitbucket

Issue #287 resolved

Takehiko NOZAKI repo owner created an issue 2022-06-12

https://www.openssl.org/news/vulnerabilities-1.0.2.html#CVE-2021-4160

Comments (1)

Takehiko NOZAKI reporter
- changed status to resolved
BUGFIX: Issue ~~#287~~ - CVE-2022-0778 The BN_mod_sqrt() function contains a bug that can cause it to loop forever for non-prime moduli

patch obtained from: https://github.com/openssl/openssl/commit/3118eb64934499d93db3230748a452351d1d9a65

original commit message:

Fix possible infinite loop in BN_mod_sqrt() The calculation in some cases does not finish for non-prime p.

This fixes CVE-2022-0778.

Based on patch by David Benjamin davidben@google.com.

Reviewed-by: Paul Dale pauli@openssl.org Reviewed-by: Matt Caswell matt@openssl.org

→ <<cset d97eff0c3d33>>
- 2022-06-12T22:05:17+00:00
Log in to comment

Assignee: Takehiko NOZAKI

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1