Arbitrary Code Execution Affecting openssl package, versions >=1.0.2, <1.0.2zf >=1.1.1, <1.1.1p >=3.0.0, <3.0.4
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
22 Jun 2022
21 Jun 2022
Chancen of Qingteng 73lab
How to fix?
OpenSSL to version 1.0.2zf, 1.1.1p, 3.0.4 or higher.
OpenSSL is a SSL/TLS and Crypto toolkit. Deprecated in Mac OS and gone in iOS, this spec gives your project non-deprecated OpenSSL support.
Affected versions of this package are vulnerable to Arbitrary Code Execution via the
c_rehash script, there are places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell.