Bug 2087913 (CVE-2022-1473) - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
Summary: CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
Alias: CVE-2022-1473
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2089443 2089444 2089474
Blocks: 2087910
TreeView+ depends on / blocked
Reported: 2022-05-18 14:21 UTC by Patrick Del Bello
Modified: 2022-09-26 19:08 UTC (History)
47 users (show)

Fixed In Version: openssl 3.0.3
Doc Type: If docs needed, set a value
Doc Text:
A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously to trigger this vulnerability, resulting in a loss of application availability.
Clone Of:
Last Closed: 2022-06-25 20:09:35 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:6224 0 None None None 2022-08-30 16:02:17 UTC

Description Patrick Del Bello 2022-05-18 14:21:51 UTC
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).


Comment 2 Todd Cullum 2022-05-23 18:43:11 UTC
Created openssl3 tracking bugs for this issue:

Affects: epel-8 [bug 2089474]

Comment 8 Product Security DevOps Team 2022-06-25 20:09:31 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Comment 9 errata-xmlrpc 2022-08-30 16:02:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6224 https://access.redhat.com/errata/RHSA-2022:6224

Note You need to log in before you can comment on or make changes to this bug.