{"id":"CVE-2022-0778","details":"The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).","aliases":["BIT-mariadb-2022-0778","BIT-mariadb-min-2022-0778","BIT-mysql-client-2022-0778","BIT-node-2022-0778","BIT-node-min-2022-0778","GHSA-x3mh-jvjw-3xwx","RUSTSEC-2022-0014"],"modified":"2026-04-16T04:38:46.962967768Z","published":"2022-03-15T17:15:08.513Z","related":["ALSA-2022:1065","ALSA-2022:5326","CGA-h325-75qc-q583","SUSE-RU-2022:0861-1","SUSE-SU-2022:0851-1","SUSE-SU-2022:0853-1","SUSE-SU-2022:0854-1","SUSE-SU-2022:0856-1","SUSE-SU-2022:0857-1","SUSE-SU-2022:0859-1","SUSE-SU-2022:0860-1","SUSE-SU-2022:0861-1","SUSE-SU-2022:0935-1","SUSE-SU-2022:1459-1","SUSE-SU-2022:1461-1","SUSE-SU-2022:1462-1","SUSE-SU-2022:14915-1","SUSE-SU-2022:14916-1","SUSE-SU-2022:1536-1","openSUSE-SU-2022:0856-1","openSUSE-SU-2024:11927-1","openSUSE-SU-2024:11933-1","openSUSE-SU-2024:11944-1","openSUSE-SU-2024:11953-1","openSUSE-SU-2024:12444-1","openSUSE-SU-2025:14965-1"],"references":[{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT213256"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2022-08"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2022/May/35"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220321-0002/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5103"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20220315.txt"},{"type":"ADVISORY","url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-02"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2022/May/38"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT213255"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT213257"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220429-0005/"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2022/May/33"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2022-07"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2022-09"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"},{"type":"ADVISORY","url":"https://www.tenable.com/security/tns-2022-06"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"0"},{"last_affected":"776555af021e917ce0d6235386b43ae59fdd5161"},{"introduced":"776555af021e917ce0d6235386b43ae59fdd5161"},{"fixed":"78564373fee5e6cccf144b11bc60b0876b4bbd0b"},{"introduced":"9664240c948a92c22ccda0e1f5a420eb776ddcb1"},{"fixed":"e2b50213cf12623da31c8b49be4d40772876223c"},{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"41a163ac5ccf4ac5394edc84e40b3f47acea6b08"},{"introduced":"c761b43451d54eeeecdf3c102906fcce88d4e9d9"},{"fixed":"c04a203a10e282e1f33fd04d8a1b7ff0b076bce5"},{"introduced":"7c7f9bef28aa566557da31402142f6dd8298ddd2"},{"fixed":"ad3ac55641f18172807b13423353f01377f76e6e"},{"introduced":"1a647b700f6b72dc97211510a5d0c647d5d3d911"},{"fixed":"4ffffd98a5ac89b78954aaa2197b40850ade4191"},{"introduced":"0"},{"fixed":"cb1316b8d213aded32aa2c1a98271eede179146d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"10.0.0"},{"fixed":"10.1.2"},{"introduced":"10.2.0"},{"fixed":"10.2.42"},{"introduced":"10.3.0"},{"fixed":"10.3.33"},{"introduced":"10.4.0"},{"fixed":"10.4.23"},{"introduced":"10.5.0"},{"fixed":"10.5.14"},{"introduced":"10.6.0"},{"fixed":"10.6.6"},{"introduced":"10.7.0"},{"fixed":"10.7.2"}]}},{"type":"GIT","repo":"https://github.com/nodejs/node","events":[{"introduced":"0"},{"last_affected":"fa9990f3fb5b06fe94e294925246d2c136deb2c2"},{"introduced":"0"},{"last_affected":"cea049bcf8bb0f9a6e0095dbd5dffdb14dc8f71b"},{"introduced":"2f45ad8060e13d5ac912335096d21526f2f9602b"},{"last_affected":"921493e2287aa895679620155b5288b2e1587bfd"},{"introduced":"42cce5a9d0fd905bf4ad7a2528c36572dfb8b5ad"},{"fixed":"cdb72ea5d913a19ec988c680679de4182239fb18"},{"introduced":"0"},{"last_affected":"354b6a93bd1d66f1833489d6fe01a2b0e8f6aff9"},{"introduced":"c1da528bc25c9cc5a8240a7b4f136f5968f6e113"},{"fixed":"9e0bba5648e9c4116b06a31afeb216bbba39c134"},{"introduced":"0"},{"last_affected":"49415500bb1bf51a1fade5ea2d03f3988ecabc25"},{"introduced":"40ecd5601193c316e62e9216e8a4259130686208"},{"fixed":"442e84a358d75152556b5d087e4dd6a51615330d"},{"introduced":"0"},{"fixed":"db3d88267f618b8f19464d1178421e1cb1651fb5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"0"},{"last_affected":"11.0"},{"introduced":"12.0.0"},{"last_affected":"12.12.0"},{"introduced":"12.13.0"},{"fixed":"12.22.11"},{"introduced":"0"},{"last_affected":"14.14.0"},{"introduced":"14.15.0"},{"fixed":"14.19.1"},{"introduced":"0"},{"last_affected":"16.12.0"},{"introduced":"16.13.0"},{"fixed":"16.14.2"},{"introduced":"0"},{"fixed":"17.7.2"}]}},{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"fixed":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"7ea5bd2b52d0e81eaef3d109b3b12545306f201c"},{"fixed":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"fixed":"1bf649b5998ac98511203f54ce954eccfaf75467"}],"database_specific":{"versions":[{"introduced":"1.0.2"},{"fixed":"1.0.2zd"},{"introduced":"1.1.0"},{"fixed":"1.1.1n"},{"introduced":"3.0.0"},{"fixed":"3.0.2"}]}}],"versions":["mariadb-10.0.0","mariadb-10.1.0","mariadb-10.2.0","mariadb-10.2.1","mariadb-10.2.10","mariadb-10.2.11","mariadb-10.2.12","mariadb-10.2.13","mariadb-10.2.14","mariadb-10.2.15","mariadb-10.2.16","mariadb-10.2.18","mariadb-10.2.19","mariadb-10.2.2","mariadb-10.2.20","mariadb-10.2.21","mariadb-10.2.22","mariadb-10.2.23","mariadb-10.2.24","mariadb-10.2.25","mariadb-10.2.26","mariadb-10.2.27","mariadb-10.2.28","mariadb-10.2.29","mariadb-10.2.30","mariadb-10.2.31","mariadb-10.2.39","mariadb-10.2.40","mariadb-10.2.5","mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.10","mariadb-10.3.12","mariadb-10.3.16","mariadb-10.3.17","mariadb-10.3.18","mariadb-10.3.19","mariadb-10.3.2","mariadb-10.3.20","mariadb-10.3.21","mariadb-10.3.26","mariadb-10.3.30","mariadb-10.3.31","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.3.7","mariadb-10.4.10","mariadb-10.4.11","mariadb-10.4.20","mariadb-10.4.21","mariadb-10.4.22","mariadb-10.4.3","mariadb-10.4.4","mariadb-10.4.5","mariadb-10.4.7","mariadb-10.4.9","mariadb-10.5.0","mariadb-10.5.11","mariadb-10.5.12","mariadb-10.5.13","mariadb-10.5.2","mariadb-10.5.4","mariadb-10.6.0","mariadb-10.6.1","mariadb-10.6.2","mariadb-10.6.3","mariadb-10.6.4","mariadb-10.6.5","mariadb-10.7.1","openssl-3.0.0","openssl-3.0.1","v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.6","v0.1.0","v0.1.1","v0.1.10","v0.1.100","v0.1.101","v0.1.102","v0.1.103","v0.1.104","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.17","v0.1.18","v0.1.19","v0.1.2","v0.1.20","v0.1.21","v0.1.22","v0.1.23","v0.1.24","v0.1.25","v0.1.26","v0.1.27","v0.1.28","v0.1.29","v0.1.3","v0.1.30","v0.1.31","v0.1.32","v0.1.33","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.1.92","v0.1.93","v0.1.94","v0.1.95","v0.1.96","v0.1.97","v0.1.98","v0.1.99","v0.2.0","v0.3.0","v0.3.1","v0.3.2","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.4.0","v0.5.0","v0.5.1","v0.5.10","v0.5.2","v0.5.3","v0.5.4","v0.5.5","v0.5.5-rc1","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.7.0","v0.7.2","v0.7.3","v1.0.1","v1.0.1-release","v1.0.2","v1.0.2-release","v1.0.3","v1.0.4","v1.1.0","v1.2.0","v1.3.0","v1.4.1","v1.4.2","v1.4.3","v1.5.0","v1.5.1","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.7.0","v1.7.1","v11.0.0","v12.0.0","v12.1.0","v12.10.0","v12.11.0","v12.11.1","v12.12.0","v12.13.0","v12.13.1","v12.14.0","v12.14.1","v12.15.0","v12.16.0","v12.16.1","v12.16.2","v12.16.3","v12.17.0","v12.18.0","v12.18.1","v12.18.2","v12.18.3","v12.18.4","v12.19.0","v12.19.1","v12.2.0","v12.20.0","v12.20.1","v12.20.2","v12.21.0","v12.22.0","v12.22.1","v12.22.10","v12.22.2","v12.22.3","v12.22.4","v12.22.5","v12.22.6","v12.22.7","v12.22.8","v12.22.9","v12.3.0","v12.3.1","v12.4.0","v12.5.0","v12.6.0","v12.7.0","v12.8.0","v12.8.1","v12.9.0","v12.9.1","v14.0.0","v14.1.0","v14.10.0","v14.10.1","v14.11.0","v14.12.0","v14.13.0","v14.13.1","v14.14.0","v14.15.0","v14.15.1","v14.15.2","v14.15.3","v14.15.4","v14.15.5","v14.16.0","v14.16.1","v14.17.0","v14.17.1","v14.17.2","v14.17.3","v14.17.4","v14.17.5","v14.17.6","v14.18.0","v14.18.1","v14.18.2","v14.18.3","v14.19.0","v14.2.0","v14.3.0","v14.4.0","v14.5.0","v14.6.0","v14.7.0","v14.8.0","v14.9.0","v16.0.0","v16.1.0","v16.10.0","v16.11.0","v16.11.1","v16.12.0","v16.13.0","v16.13.1","v16.13.2","v16.14.0","v16.14.1","v16.2.0","v16.3.0","v16.4.0","v16.4.1","v16.4.2","v16.5.0","v16.6.0","v16.6.1","v16.6.2","v16.7.0","v16.8.0","v16.9.0","v16.9.1","v17.0.0","v17.0.1","v17.1.0","v17.2.0","v17.3.0","v17.3.1","v17.4.0","v17.5.0","v17.6.0","v17.7.0","v17.7.1","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.2.0","v2.2.1","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.4.0","v2.5.0","v3.0.0","v9.0.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"function":"save_insert_query_plan","file":"sql/sql_insert.cc"},"signature_version":"v1","id":"CVE-2022-0778-1bcbcc0a","source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","signature_type":"Function","digest":{"length":539,"function_hash":"143928694554246599964388922123655825311"}},{"deprecated":false,"target":{"file":"sql/sql_select.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-1c37f015","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["184624688822326820137669327007162397916","191372394860713645665440263424136104101","174921892666626593579197514320704675980","184594162286123241116060895520726497711","114981082015592945940870693398477303691","25308841709836635247173558801234276757","321826629992771760882463391035226771827","133808144812579614697621387006256886310","142706633921872603323457835938516060006","207762970156071676574091120280215459472","52785397963342448070982256765371850264","230191404739277406919508755650248314386","197613591421396413532198844379570151333","241036966626414720750301056683921230634","196099397888129194305053623518855328177","109049649839917964796515703263261047334","179020584707001411755861138257226165064","168132223801976699650668544174466586990","102235116445772971533415874729718355971","64931584361589799048769284434778021208","264469681390690839958558297522008233785","317510823114653361368051809839897766609","283263820113155311149054123979111773873","120476915490231163425524082989724558472","81728944473704551680171471920011384457","112266891731631588862273962918834795622","339802515964657508269426460395909658920","141464255640297136830274681034847282081","59903329391232971403084852451793713903","27461365552820892860251894398502102145","335991456171397269056601541938548968670","87391211852859669557058494068995714331","96287949116973146012115423931092010108","235604189887992235242556470009864714912","314366145537269709790617186270375121400","111009410975939885162164284524465521299","189635430735996323975558013518177710807","20388129424987213872916749465524637659","294700364242276523763034119561693381378","75336494572898873760030956022965147579","198318444952458789332975053065999646871","150737575490122962550679074447358898124","249678070856594318111143473341955802261","178672970503440884581247126228530410733"]}},{"deprecated":false,"target":{"function":"JOIN_TAB::update_explain_data","file":"sql/sql_select.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-2368c104","signature_version":"v1","signature_type":"Function","digest":{"length":627,"function_hash":"237866696617503454160057748475500730046"}},{"deprecated":false,"target":{"function":"Update_plan::save_explain_data","file":"sql/sql_delete.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-26a54598","signature_version":"v1","signature_type":"Function","digest":{"length":203,"function_hash":"322044020997528670043920843737780195648"}},{"deprecated":false,"target":{"function":"create_explain_query","file":"sql/sql_explain.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-2aa370f8","signature_version":"v1","signature_type":"Function","digest":{"length":215,"function_hash":"330683709507810645398616998959312752961"}},{"target":{"function":"Delete_plan::save_explain_data","file":"sql/sql_delete.cc"},"deprecated":false,"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-31ea4266","signature_version":"v1","signature_type":"Function","digest":{"length":418,"function_hash":"249391553874468262586225591922410794365"}},{"deprecated":false,"target":{"function":"Explain_query::send_explain","file":"sql/sql_explain.cc"},"signature_version":"v1","id":"CVE-2022-0778-5cfdda37","source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","signature_type":"Function","digest":{"length":486,"function_hash":"93287788645905316460810163886592315489"}},{"target":{"function":"Explain_query::Explain_query","file":"sql/sql_explain.cc"},"deprecated":false,"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-76464b6d","signature_version":"v1","signature_type":"Function","digest":{"length":156,"function_hash":"181464225951076655002217964359427214882"}},{"deprecated":false,"target":{"function":"st_select_lex_unit::save_union_explain","file":"sql/sql_lex.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-8363eea1","signature_version":"v1","signature_type":"Function","digest":{"length":597,"function_hash":"238579845775609517452055966823154282926"}},{"deprecated":false,"target":{"file":"sql/sql_explain.h"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-8803e40b","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["153498372947137396461559705909146709511","268724915220442429325999425088120274977","92209556554204870040047974329725814526","180239060686624721801927379877975898362","105563193344180048741427630256432131955","257656703548549601083479363485784302248","331548940751182247382003363863369680603","96385089379029064342609424520494623363","289666369007315531443479868788372250743","43007366448873912566309240395187955630","79657492863365604319151141271705701773","92346140326941816712565586954311738539","295775502438768834235023358368994315416","185328856191871275945711804783034039081","224909383198415161010401300169947700818","249546205657661602779225005512454943797","329928933516781102507883183899609802790","115665141739482525697295811310402581178","178503830303776850144886572412474214880","10225767919865777593724628199162955644","207090964914730750875386278966441379320","220483806003110467655719535386261624898","143983541672354092019297552043430740204","317519842901572410269733931544824689552","292798904563530481392832875892604338886","43387506740473743984307593595813899686","139926332487718675982695055559894837318","285304101231096184955943490152969512866","228501128061361209342701960035408952535","154791902612748345927773925803283818549","100427462209659248119612627157386272594","7167328992534009760511462692653497640","211758636473762296732105290984921522608","128147352699988561037575006976430913795","184292799912639457219848371198094339039","313945175297729763015260541671171423842","279364408785345652460803083853935817529","319696813391367168753675485608937467098","261462380037408785352080478598730653853","220973941709271950628468993146992552138","190077392545328572060444061087865296754","297570603339715813525024051451068849917","333067563426364531681564854839069266039","256493331266508222669391687195066801776","82160473527887282109597150358280363960","276807755937466099331647428848259034543","310148029095408547048101075582201024997","311731142433063049681485366995017766158","4372168742659759291453192179555107238","83078633628252372143257626388938603272","218566111322703402116508605048577177580","338046132618846535660003964696016204479","88026065914348208502937825154944548969","176823463827627360741534997596792728322","278475046660745644057944222801252936548","100421492838063060889053423392611219757","78686472444998252867267923621531715543","331040161131337877957792918519329249776","15138575745662532029717409573423853626","109335542772794069911119107740123182926","218575466757917988849330475891104056836","300757285579218660207659056903696142686","1744633519160530198577215056526499762","128912303671720802158143742234669717636","265406882181045306667145828688402844560","151784320972559397141592073164641456928","132270075548073738665682008694289175225","170845102169148221383296949674356549258","243361980484162167819472781332891767978","16716323743862327775912333731350445887","238874331914528726996056928458546736698","306336594644168429790268025108095459966","31676956659163381409918338483221175308","244092951372070756402068918613715500458","82637985325509267438701184973165519917","6238638849428442491443494485864382008","207115513629277325956633568500959028195","298709935654486764885599247020121130143","277331715531721541133734821012966350736","173508916505096826970458547145432634791","152185890258316349320337192073480245026","155038709242161158319930886727432650103","304189525804194666845034637739971399896","171956776426985942414394511834353949576","167495960546738690218724849849251038627","234710412792311887364159017624431719003"]}},{"deprecated":false,"target":{"file":"sql/sql_insert.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-abe58e82","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["233428294681393459281483379360705615894","339344595215262455643495850645781729721","322118378124457821156243588273624755747","188546572912975698435675983225523438715"]}},{"deprecated":false,"target":{"file":"sql/sql_lex.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-b8ce38a0","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["316254683092236107527257602106638870598","28819999389784313826167915668325689521","314194945627240912861606439164210439054","316206985701665569073498001761391469599"]}},{"deprecated":false,"target":{"file":"include/openssl/opensslv.h"},"source":"https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86","id":"CVE-2022-0778-c377fa22","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["28170854778703993674264004058177114599","73132526844288570625317440636111911761","177405411499435185068645597737938634778","224809958623850711330610094965797758930","295554444428855106393106961197201359586"]}},{"deprecated":false,"target":{"file":"sql/sql_delete.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-c741e9f6","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["119883289409241365968476123781423508304","22593043261955915367687771807843465275","202671885700817427457671198842485560026","201986032502185267093976846599242941556","196712390378052309226109497929919094462","183141328987084314845874667576702319058","278562138887181647765292792577308251719","18427581793046613875098518048541729773"]}},{"deprecated":false,"target":{"function":"JOIN::save_explain_data_intern","file":"sql/sql_select.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-c8c876ad","signature_version":"v1","signature_type":"Function","digest":{"length":2914,"function_hash":"48813408077062799409198336181021116997"}},{"deprecated":false,"target":{"file":"sql/sql_select.h"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-d0271462","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["210000674417407585262608784913631618968","112785547307231971583594857376706111165","328452363087308056203770991886644783184","182390550905871137758677443280873193421"]}},{"target":{"function":"Explain_basic_join::~Explain_basic_join","file":"sql/sql_explain.cc"},"deprecated":false,"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-d046f52a","signature_version":"v1","signature_type":"Function","digest":{"length":173,"function_hash":"193620856204870918891077136149620507329"}},{"deprecated":false,"target":{"file":"sql/sql_explain.cc"},"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-d67baa9d","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["39651863520066635819633985993770211685","108315622527472715136798677355233243238","312329036940224304325043548611415149910","308079549732098030528668974586627974690","275601668984122799724110013100314545243","269642951359558540728103214318653718760","57129512751153901998576879913747922145","231998832783363445873712280855147895633","148946975590520513945099576100030440285","190794345911512240689067473465726333629","255197811773652115487784458630799256038","76518297283532873086955487183433796242","217313003323589558581727215873053005566","304312049139124116129374734638507404397","8880245050493604423439142438823823219","219878432845293691291919955511653507544","330213735414225453100746807390766130369","105010382843164135799779340707220400619","75798417922718238110887839374994314369","326185084601520523155177833323465368388","268716961812641801377391441599179641464","63154134656214522094370804811211196502","270018777321644182821958610067195941835","110185970217346405342733262019222741838","322165752396458057153277500684520974527","149028208061101786861808657026130909302","151424166106369771594386932080851734510","92871867382982921251676106240791415928"]}},{"target":{"file":"crypto/opensslv.h"},"deprecated":false,"source":"https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8","id":"CVE-2022-0778-e051451f","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["251633914150035957322733061977107206211","338514574181828579838011565939158652696","76638288692106140328510055542557597351","142922657400765574308962710386922248045","71649992455794854055653842592139575350","65527166711110472566013424527579064967","253196866009476977787139000804413898733","172177136897997206866313011107384691461"]}},{"target":{"function":"make_join_statistics","file":"sql/sql_select.cc"},"deprecated":false,"source":"https://github.com/mariadb/server/commit/78564373fee5e6cccf144b11bc60b0876b4bbd0b","id":"CVE-2022-0778-ecffc039","signature_version":"v1","signature_type":"Function","digest":{"length":14482,"function_hash":"241881771439316986767786700975834554728"}}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"fixed":"8.15.4"}]}],"vanir_signatures_modified":"2026-04-12T09:22:04Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0778.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}