Severity: Unknown
Affected Package: openssl
Summary: OpenSSL BN_mod_sqrt() infinite loop when parsing crafted certificates
The BN_mod_sqrt() function, which is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit curve parameters with a base point encoded in compressed form, could be tricked into an infinite loop by a certificate with invalid explicit curve parameters. Because certificate parsing can happen before signature verification, any process that parses externally supplied certificates may be subject to a denial of service.
No specific recommendations provided.
Aliases: CVE-2022-0778
Published: March 15, 2022
Last Modified: March 15, 2022