Dec 9, 2022 • Knowledge
Summary
CVE-2022-0778 - With OpenSSL, it is possible to trigger an infinite loop via operations that require the public key from the certificate. For example, this loop can be triggered by crafting a certificate that has invalid explicit curve parameters or when parsing crafted private keys (as they can contain explicit elliptic curve parameters).
CVSS 3.x Severity and Metrics
CVSS Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
Infoblox NIOS Product is vulnerable to CVE-2022-0778.
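The summary's trigger condition, explicit curve parameters in a key, can be screened for without invoking any elliptic-curve code. The following is an added example, not Infoblox or OpenSSL code: it classifies how a DER-encoded SubjectPublicKeyInfo carries its EC parameters (RFC 5480 forbids the explicit form in PKIX certificates). The function names and sample byte strings are constructed for illustration, and extracting the SubjectPublicKeyInfo from a certificate is assumed to happen beforehand.

```python
# Added example: classify the RFC 5480 ECParameters CHOICE in a DER SPKI; no curve math.
EC_PUBLIC_KEY_OID = bytes.fromhex("2a8648ce3d0201")  # id-ecPublicKey 1.2.840.10045.2.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length: next n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def ec_params_kind(spki_der):
    """Return 'named', 'explicit', 'implicit', 'absent', 'unknown' or 'not-ec'."""
    tag, spki, _ = read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg, _ = read_tlv(spki, 0)       # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, pos = read_tlv(alg, 0)
    if tag != 0x06 or oid != EC_PUBLIC_KEY_OID:
        return "not-ec"
    if pos == len(alg):
        return "absent"
    ptag, _, _ = read_tlv(alg, pos)       # OID = named curve, SEQUENCE = explicit
    return {0x06: "named", 0x30: "explicit", 0x05: "implicit"}.get(ptag, "unknown")

def tlv(tag, body):                       # builder for the constructed samples only
    return bytes([tag, len(body)]) + body

# Constructed samples with stub key bits; the "explicit" parameters are a placeholder
# SEQUENCE holding only a version INTEGER, not a usable curve definition.
ALG = tlv(0x06, EC_PUBLIC_KEY_OID)
NAMED = tlv(0x30, tlv(0x30, ALG + tlv(0x06, bytes.fromhex("2a8648ce3d030107"))) + tlv(0x03, b"\x00\x04"))
EXPLICIT = tlv(0x30, tlv(0x30, ALG + tlv(0x30, tlv(0x02, b"\x01"))) + tlv(0x03, b"\x00\x04"))
RSA = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b"")) + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    for name, der in (("named", NAMED), ("explicit", EXPLICIT), ("rsa", RSA)):
        print(name, "->", ec_params_kind(der))
```

A result of `explicit` marks a key worth rejecting or quarantining before it reaches an unpatched OpenSSL parser.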
Resolution
Infoblox suggests one of the following options to resolve these issues:
- Apply a NIOS version-specific Hotfix to your grid (8.2.6, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.6.1). All related files are attached to this case, including the Hotfix Release Form. Infoblox Support recommends downloading only the Hotfix and Revert Hotfix specific to your NIOS version.
- CVE-2022-0778 is patched/fixed in 8.6.2.
NIOS Version-Specific Hotfix Files (attached to this KB)
8.2.6 CC/FIPS (8.2.6 should only be run if using either CC or FIPS mode)
| File | File Name |
|---|---|
| Hotfix Release Form | Generic_Hotfix_Release_Form_NIOS-84436_CVE-2022-0778.pdf |
| Hotfix | Hotfix-NIOS_8.2.6_371069_J84436-eb1313d97ad480f6e3624d68273ede3d-Wed-May-11-11-44-34-2022.bin |
| Hotfix SHA256SUM | 30c04a778725a5558c3f002b14856274abbf20b76b2d1cf0ac899a8b53048e30 |
| Revert Hotfix | Hotfix-NIOS_8.2.6_371069_Revert_J84436-d56b555a1a51e568090d45ff76851389-Wed-May-11-11-45-36-2022.bin |
| Revert Hotfix SHA256SUM | 18893a861fccc4a5f32258dd36eb47fd32af14c760057008676fdff54c7ade19 |
8.5.1
| File | File Name |
|---|---|
| Hotfix Release Form | Generic_Hotfix_Release_Form_NIOS-84436_CVE-2022-0778.pdf |
| Hotfix | Hotfix-NIOS_8.5.1_397728_J84441-0b65b8b3b7bbcbe64521d5c74856bc1d-Tue-May-10-10-11-03-2022.bin |
| Hotfix SHA256SUM | 279ca77e48380640fc767ba4564ef1c77ea27c4c359eef5ed9807c9648108a97 |
| Revert Hotfix | Hotfix-NIOS_8.5.1_397728_Revert_J84441-cefa047aa7fa8d40eaf234acee1753fc-Tue-May-10-10-12-05-2022.bin |
| Revert Hotfix SHA256SUM | 32f80495bdc99a4310e3223504bf5f7ba3ed4cfd4e42c2b88d07d00e7d153545 |
8.5.2 (this Hotfix has been validated for both standard/GA and CC mode deployments)
| File | File Name |
|---|---|
| Hotfix Release Form | Generic_Hotfix_Release_Form_NIOS-84436_CVE-2022-0778.pdf |
| Hotfix | Hotfix-NIOS_8.5.2-409296_J84440-7a380635d0905ebd46c80bc076b38ac0-Mon-May-9-22-48-38-2022.bin2 |
| Hotfix SHA256SUM | 93d60e44cd4dfdab5abb5580382bd1c7b326ee86686301ed5d205feee45ee5b4 |
| Revert Hotfix | Hotfix-NIOS_8.5.2-409296_revert-1a8b6566c10f0041d2878a12885d2808-Mon-May-9-22-56-25-2022.bin2 |
| Revert Hotfix SHA256SUM | 80cebfd25a50e0e39cbee9336a98897576b78438223f4a184ba81592bd6d676e |
8.5.3
| File | File Name |
|---|---|
| Hotfix Release Form | Generic_Hotfix_Release_Form_NIOS-84436_CVE-2022-0778.pdf |
| Hotfix | Hotfix-NIOS_8.5.3_417434_J84442-a0be0f4be0d8ecc90b0b2e8fc36543bd-Tue-May-10-10-17-32-2022.bin |
| Hotfix SHA256SUM | 991a97470f90fc1e5296e20a5217739aced5c79cdaa86d5b2fa0f2b3774ff4f3 |
| Revert Hotfix | Hotfix-NIOS_8.5.3_417434_Revert_J84442-1433c15f9689ea3eea0e01fef87fa1fb-Tue-May-10-10-18-34-2022.bin |
| Revert Hotfix SHA256SUM | 8c67efdb648eeb579fb2d42aa6af20d9f4d3e7631489cfaa87ae5bc7ab377995 |
8.5.4
| File | File Name |
|---|---|
| Hotfix Release Form | Generic_Hotfix_Release_Form_NIOS-84436_CVE-2022-0778.pdf |
| Hotfix | Hotfix-NIOS_8.5.4_419474_J84443-e6347b0111baa66b8454b60c76c069a3-Tue-May-10-10-21-43-2022.bin |
| Hotfix SHA256SUM | ed99e7af7809e01ede53112d42abe43e2558c40e65ec9662575e5f18d24c2123 |
| Revert Hotfix | Hotfix-NIOS_8.5.4_419474_Revert_J84443-48a92e4c600e4db85b18b58ef2b9cd06-Tue-May-10-10-22-45-2022.bin |
| Revert Hotfix SHA256SUM | df23fcf6c07b4ce0f0a1d7b0d8ad0425c4851893e00cf5b69e1f8393acc7aeb1 |
8.5.5
| File | File Name |
|---|---|
| Hotfix Release Form | Generic_Hotfix_Release_Form_NIOS-84436_CVE-2022-0778.pdf |
| Hotfix | Hotfix-NIOS_8.5.5_50687_677a2087c8f6_J84444-0afd924fae699bdb002940263f994821-Tue-May-31-06-42-18-2022.bin |
| Hotfix SHA256SUM | b469623580d47a892074a6373a2ad1fb73141d0f6f1d4ec3cc5b0ac08c33d668 |
| Revert Hotfix | Hotfix-NIOS_8.5.5_50687_677a2087c8f6_J84444_revert-31e96cd9479faffe60811ef9d021f9fa-Tue-May-31-06-44-17-2022.bin |
| Revert Hotfix SHA256SUM | a073b689673c7293402fcbd78cee550566ea284c2cbd01a3b0154e3092ed549b |
8.6.1
| File | File Name |
|---|---|
| Hotfix Release Form | Generic_Hotfix_Release_Form_NIOS-84436_CVE-2022-0778.pdf |
| Hotfix | Hotfix-NIOS_8.6.1_421683_J84445-dff998a764c6d38619dbb46312768c43-Tue-May-10-10-29-56-2022.bin |
| Hotfix SHA256SUM | 0b13c13957c1a86e448def806a746056055c0b35bc25f806f010b0c8045e3bde |
| Hotfix Revert | Hotfix-NIOS_8.6.1_421683_Revert_J84445-1d00d65b0383821828d955c72dc3ac23-Tue-May-10-10-30-58-2022.bin |
| Revert Hotfix SHA256SUM | 0dcc72bc040cc5415ed32c9cf60c2a9d88e63479104d8acbf2fd73c010434b37 |