Goby/json/OpenSSL CVE-2022-2274.json


{
"Name": "OpenSSL远程代码执行漏洞 CVE-2022-2274",
"Description": "<p><span style=\"font-size: 14px;\"></span>OpenSSL是 OpenSSL团队的一个开源的能够实现安全套接层SSLv2/v3和安全传输层TLSv1协议的通用加密库。<br></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">OpenSSL&nbsp;</span>3.0.4 版本在支持 AVX512IFMA 指令的 X86_64 CPU 的 RSA 实现中引入了一个严重错误。这个问题使得使用 2048 位私钥的 RSA 实现在此类机器上不正确并且在计算过程中会发生内存损坏。由于内存损坏攻击者可能能够在执行计算的机器上触发远程代码执行。SSL/TLS 服务器或其他使用 2048 位 RSA 私钥的服务器在支持 X86_64 架构的 AVX512IFMA 指令的机器上运行会受到此问题的影响。<br></p>",
"Product": "OpenSSL",
"Homepage": "https://www.openssl.org/",
"DisclosureDate": "2022-07-05",
"Author": "twcjw",
"FofaQuery": "agent_scan_result_rule=\"openssl_cve_2022_2247\"",
"GobyQuery": "agent_scan_result_rule=\"openssl_cve_2022_2247\"",
"Level": "3",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">OpenSSL&nbsp;</span><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">3.0.4 版本在支持 AVX512IFMA 指令的 X86_64 CPU 的 RSA 实现中引入了一个严重错误。这个问题使得使用 2048 位私钥的 RSA 实现在此类机器上不正确并且在计算过程中会发生内存损坏。由于内存损坏攻击者可能能够在执行计算的机器上触发远程代码执行。SSL/TLS 服务器或其他使用 2048 位 RSA 私钥的服务器在支持 X86_64 架构的 AVX512IFMA 指令的机器上运行会受到此问题的影响。</span><br></p>",
"Recommendation": "<p>官方已发布安全版本,请及时下载更新,下载地址:</p><p><a href=\"https://github.com/openssl/openssl/tags\">https://github.com/openssl/openssl/tags</a></p>",
"References": [
"https://weixin.shuziguanxing.com/selectDetailsTempateId/1281"
],
"Is0day": false,
"HasExp": false,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"代码执行"
],
"VulType": [
"代码执行"
],
"CVEIDs": [
"CVE-2022-2274"
],
"CNNVD": [
"CNNVD-202207-242"
],
"CNVD": [
""
],
"CVSSScore": "9.8",
"Translation": {
"CN": {
"Name": "OpenSSL远程代码执行漏洞 CVE-2022-2274",
"Product": "OpenSSL",
"Description": "<p><span style=\"font-size: 14px;\"></span>OpenSSL是 OpenSSL团队的一个开源的能够实现安全套接层SSLv2/v3和安全传输层TLSv1协议的通用加密库。<br></p><p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">OpenSSL&nbsp;</span>3.0.4 版本在支持 AVX512IFMA 指令的 X86_64 CPU 的 RSA 实现中引入了一个严重错误。这个问题使得使用 2048 位私钥的 RSA 实现在此类机器上不正确并且在计算过程中会发生内存损坏。由于内存损坏攻击者可能能够在执行计算的机器上触发远程代码执行。SSL/TLS 服务器或其他使用 2048 位 RSA 私钥的服务器在支持 X86_64 架构的 AVX512IFMA 指令的机器上运行会受到此问题的影响。<br></p>",
"Recommendation": "<p>官方已发布安全版本,请及时下载更新,下载地址:</p><p><a href=\"https://github.com/openssl/openssl/tags\">https://github.com/openssl/openssl/tags</a></p>",
"Impact": "<p><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">OpenSSL&nbsp;</span><span style=\"color: rgb(22, 51, 102); font-size: 16px;\">3.0.4 版本在支持 AVX512IFMA 指令的 X86_64 CPU 的 RSA 实现中引入了一个严重错误。这个问题使得使用 2048 位私钥的 RSA 实现在此类机器上不正确并且在计算过程中会发生内存损坏。由于内存损坏攻击者可能能够在执行计算的机器上触发远程代码执行。SSL/TLS 服务器或其他使用 2048 位 RSA 私钥的服务器在支持 X86_64 架构的 AVX512IFMA 指令的机器上运行会受到此问题的影响。</span><br></p>",
"VulType": [
"代码执行"
],
"Tags": [
"代码执行"
]
},
"EN": {
"Name": "OpenSSL Remote Code Execution Vulnerability (CVE-2022-2274)",
"Product": "OpenSSL",
"Description": "<p>OpenSSL is an open-source, general-purpose cryptographic library maintained by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols.<br></p><p>OpenSSL version 3.0.4 introduced a critical bug in the RSA implementation for X86_64 CPUs that support the AVX512IFMA instructions. On such machines, RSA operations with 2048-bit private keys produce incorrect results and corrupt memory during the computation. Because of this memory corruption, an attacker may be able to trigger remote code execution on the machine performing the computation. SSL/TLS servers, and other servers that use 2048-bit RSA private keys, are affected when they run on X86_64 machines that support the AVX512IFMA instructions.<br></p>",
"Recommendation": "<p>The vendor has released a fixed version; upgrade as soon as possible. Download:<br></p><p><a href=\"https://github.com/openssl/openssl/tags\">https://github.com/openssl/openssl/tags</a><br></p>",
"Impact": "<p>OpenSSL version 3.0.4 introduced a critical bug in the RSA implementation for X86_64 CPUs that support the AVX512IFMA instructions. On such machines, RSA operations with 2048-bit private keys produce incorrect results and corrupt memory during the computation. Because of this memory corruption, an attacker may be able to trigger remote code execution on the machine performing the computation. SSL/TLS servers, and other servers that use 2048-bit RSA private keys, are affected when they run on X86_64 machines that support the AVX512IFMA instructions.<br></p>",
"VulType": [
"Code Execution"
],
"Tags": [
"Code Execution"
]
}
},
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}