{"id":"GHSA-735f-pg76-fxc4","summary":"openssl-src heap memory corruption with RSA private key operation","details":"The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.","aliases":["CVE-2022-2274","RUSTSEC-2022-0033"],"modified":"2023-11-08T04:08:13.343319Z","published":"2022-07-02T00:00:29Z","database_specific":{"github_reviewed_at":"2022-07-06T19:42:04Z","nvd_published_at":"2022-07-01T08:15:00Z","github_reviewed":true,"cwe_ids":["CWE-787"],"severity":"CRITICAL"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2274"},{"type":"WEB","url":"https://github.com/openssl/openssl/issues/18625"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345"},{"type":"WEB","url":"https://rustsec.org/advisories/RUSTSEC-2022-0033.html"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20220715-0010"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20220705.txt"}],"affected":[{"package":{"name":"openssl-src","ecosystem":"crates.io","purl":"pkg:cargo/openssl-src"},"ranges":[{"type":"SEMVER","events":[{"introduced":"300.0.8"},{"fixed":"300.0.9"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-735f-pg76-fxc4/GHSA-735f-pg76-fxc4.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}