Описание The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
Важность: CRITICAL (9,8) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Опубликовано: 3 мая 2022 г.
Изменено: 7 ноября 2023 г.
Идентификатор типа ошибки: CWE-78 Исправленные пакеты Ссылки на рекомендации, решения и инструменты Подверженные конфигурации: cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*
Running on/with:
cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*