- changed status to resolved
[tnozaki-openssl] CVE-2022-1292: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection
Issue #288
resolved
Comments (1)
-
reporter - Log in to comment
BUGFIX: Issue
#288- CVE-2022-1292 The c_rehash script does not properly sanitise shell metacharacters to prevent command injectionpatch obtained from: https://github.com/openssl/openssl/commit/e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
original commit message:
c_rehash: Do not use shell to invoke openssl Except on VMS where it is safe.
This fixes CVE-2022-1292.
Reviewed-by: Matthias St. Pierre Matthias.St.Pierre@ncp-e.com Reviewed-by: Matt Caswell matt@openssl.org
→ <<cset 3bd6b646ad7a>>