VDB
BIT-node-2022-0778
BIT-node-2022-0778
PUBLISHED
CVSS 7.5 HIGH
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | node | 12.0.0, 12.13.0, 14.0.0 |
Timeline
- Mar 6, 2024 CVE Published
- Apr 17, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch
References
- http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html url
- http://seclists.org/fulldisclosure/2022/May/33 url
- http://seclists.org/fulldisclosure/2022/May/35 url
- http://seclists.org/fulldisclosure/2022/May/38 url
- https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf url
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65 url
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83 url
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246 url
- https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html url
- https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/ url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/ url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/ url
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002 url
- https://security.gentoo.org/glsa/202210-02 url
- https://security.netapp.com/advisory/ntap-20220321-0002/ url
- https://security.netapp.com/advisory/ntap-20220429-0005/ url
- https://support.apple.com/kb/HT213255 url
- https://support.apple.com/kb/HT213256 url
- https://support.apple.com/kb/HT213257 url
…and 15 more