CVE-2022-1473

Published: May 3, 2022Modified: May 5, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).

Affected (26)

Products: Openssl: Openssl · Netapp: Active Iq Unified Manager, Clustered Data Ontap, Clustered Data Ontap Antivirus Connector, Santricity Smi S Provider, Smi S Provider, Snapmanager, Solidfire, Enterprise Sds & Hci Storage Node, Solidfire & Hci Management Node, A700s Firmware, H300s Firmware, H500s Firmware, H700s Firmware, H300e Firmware, H500e Firmware, H700e Firmware, H410s Firmware, Aff 8300 Firmware, Fas 8300 Firmware, Aff 8700 Firmware, Fas 8700 Firmware, Aff A400 Firmware, Fabric Attached Storage A400 Firmware, A250 Firmware, Aff 500f Firmware, Fas 500f Firmware

Openssl

1 product

Openssl

Netapp

25 products

Active Iq Unified Manager

Clustered Data Ontap

Clustered Data Ontap Antivirus Connector

Santricity Smi S Provider

Smi S Provider

Snapmanager

Solidfire, Enterprise Sds & Hci Storage Node

Solidfire & Hci Management Node

Fabric Attached Storage A400 Firmware

A250 Firmware

Aff 500f Firmware

Fas 500f Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openssl Openssl	From 3.0.0 to 3.0.3

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Clustered Data Ontap	All versions
Netapp Clustered Data Ontap Antivirus Connector	All versions
Netapp Santricity Smi S Provider	All versions
Netapp Smi S Provider	All versions
Netapp Snapmanager	All versions
Netapp Solidfire, Enterprise Sds & Hci Storage Node	All versions
Netapp Solidfire & Hci Management Node	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp A700s Firmware	All versions

Running on/with	Platform Versions
Netapp A700s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300e Firmware	All versions

Running on/with	Platform Versions
Netapp H300e	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500e Firmware	All versions

Running on/with	Platform Versions
Netapp H500e	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700e Firmware	All versions

Running on/with	Platform Versions
Netapp H700e	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff 8300 Firmware	All versions

Running on/with	Platform Versions
Netapp Aff 8300	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fas 8300 Firmware	All versions

Running on/with	Platform Versions
Netapp Fas 8300	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff 8700 Firmware	All versions

Running on/with	Platform Versions
Netapp Aff 8700	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fas 8700 Firmware	All versions

Running on/with	Platform Versions
Netapp Fas 8700	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff A400 Firmware	All versions

Running on/with	Platform Versions
Netapp Aff A400	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fabric Attached Storage A400 Firmware	All versions

Running on/with	Platform Versions
Netapp Fabric Attached Storage A400	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp A250 Firmware	All versions

Running on/with	Platform Versions
Netapp A250	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff 500f Firmware	All versions

Running on/with	Platform Versions
Netapp Aff 500f	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Fas 500f Firmware	All versions

Running on/with	Platform Versions
Netapp Fas 500f	All versions

Related CWEs

CWE-459

Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.