High Severity

Security Bulletin: OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in the BN_mod_sqrt() function (CVE-2022-0778)

Share this post:

OpenSSL is vulnerable to a denial of service due to a flaw in the BN_mod_sqrt() function as described in the vulnerability details section. IBM i has addressed the vulnerability in OpenSSL with a fix as described in the remediation/fixes section.

CVE(s): CVE-2022-0778

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM i 7.4
IBM i 7.3
IBM i 7.2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6572439
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911

More stories

Security Bulletin: IBM Engineering Test Management is vulnerable to arbitrary data access due to XStream ( CVE-2020-26258, CVE-2020-26259 )

July 4, 2022 | High Severity

IBM Engineering Test Management is vulnerable to remote attacker having access to snesitive data or to arbitrary files from system due to XStream. ...read more


Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution due to async ( CVE-2021-43138) and nconf (CVE-2022-21803)

July 4, 2022 | High Severity

IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution, due to the async (CVE-2021-43138) and nconf (CVE-2022-21803) modules for Node.js. A mitigation has been provided for IBM Integration Bus. The latest fix packs for IBM App Connect Enterprise includes async >=3.2.3 and nconf 0.12.0 ...read more