tnozaki / NetBSD / issues / #288 - [tnozaki-openssl] CVE-2022-1292: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection — Bitbucket

Issue #288 resolved

Takehiko NOZAKI repo owner created an issue 2022-06-12

https://www.openssl.org/news/vulnerabilities-1.0.2.html#CVE-2021-4160

Comments (1)

Takehiko NOZAKI reporter
- changed status to resolved
BUGFIX: Issue ~~#288~~ - CVE-2022-1292 The c_rehash script does not properly sanitise shell metacharacters to prevent command injection

patch obtained from: https://github.com/openssl/openssl/commit/e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23

original commit message:

c_rehash: Do not use shell to invoke openssl Except on VMS where it is safe.

This fixes CVE-2022-1292.

Reviewed-by: Matthias St. Pierre Matthias.St.Pierre@ncp-e.com Reviewed-by: Matt Caswell matt@openssl.org

→ <<cset 3bd6b646ad7a>>
- 2022-06-12T22:05:17+00:00
Log in to comment

Assignee: Takehiko NOZAKI

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1