
Cloud Vulnerability DB
A community-led vulnerabilities database
The BN_mod_sqrt() function in OpenSSL versions 1.0.2, 1.1.1 and 3.0 contains a vulnerability (CVE-2022-0778) that can cause it to loop forever for non-prime moduli. The vulnerability was discovered by Tavis Ormandy from Google and disclosed on March 15, 2022. The issue affects the parsing of certificates that contain elliptic curve public keys in compressed form, or explicit elliptic curve parameters with a base point encoded in compressed form (OpenSSL Advisory).
The vulnerability exists in the BN_mod_sqrt() function, which computes modular square roots. Parsing a certificate with invalid explicit curve parameters can trigger an infinite loop. Since certificate parsing occurs before signature verification, any process that parses externally supplied certificates is vulnerable to denial of service. The vulnerability also affects the parsing of crafted private keys that contain explicit elliptic curve parameters. In OpenSSL 1.0.2, the public key is not parsed during initial certificate parsing, but any operation that requires the public key will trigger the infinite loop (OpenSSL Advisory, NVD).
A successful exploit could lead to denial of service via malformed certificates. Vulnerable scenarios include: TLS clients consuming server certificates, TLS servers consuming client certificates, hosting providers handling customer certificates/private keys, certificate authorities parsing certification requests, and any applications parsing ASN.1 elliptic curve parameters. The vulnerability has a CVSS v3.1 Base Score of 7.5 HIGH (NVD).
The vulnerability was fixed in OpenSSL versions 1.1.1n and 3.0.2 released on March 15, 2022. OpenSSL 1.0.2 users should upgrade to version 1.0.2zd (premium support customers only). Users are strongly recommended to upgrade to supported versions as soon as possible (OpenSSL Advisory).
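A version check built from the fixed releases listed above, added here as an example and not taken from the OpenSSL advisory or from this database. The function name and status labels are assumptions, and the sample version strings are constructed.

```python
import re
import ssl

# First fixed release per affected branch, as listed in the text above.
FIXED_LETTER = {(1, 0, 2): "zd", (1, 1, 1): "n"}  # 1.x uses letter patch levels
FIXED_3_0_PATCH = 2                               # 3.0 uses numeric patch levels

# Require the "OpenSSL" product name so forks with their own numbering
# (for example a "LibreSSL 3.x" string) are not misread as OpenSSL 3.0.
_VERSION = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def _letter_rank(suffix):
    # Letter releases order as "", a..z, za, zb, ...; (length, text) sorts that way.
    return (len(suffix), suffix)


def cve_2022_0778_status(version_string):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for a version string."""
    m = _VERSION.search(version_string)
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4)
    if (major, minor) == (3, 0):
        return "fixed" if patch >= FIXED_3_0_PATCH else "affected"
    fixed = FIXED_LETTER.get((major, minor, patch))
    if fixed is None:
        return "not-listed"  # branch is not named in the text above
    return "fixed" if _letter_rank(suffix) >= _letter_rank(fixed) else "affected"


if __name__ == "__main__":
    # Constructed sample strings, plus the library this interpreter is linked to.
    samples = ["OpenSSL 1.1.1k", "OpenSSL 1.1.1n", "OpenSSL 1.0.2u",
               "OpenSSL 1.0.2zd", "OpenSSL 3.0.1", "OpenSSL 3.0.2"]
    for s in samples + [ssl.OPENSSL_VERSION]:
        # Distribution packages may backport the fix without changing this string,
        # so treat "affected" as a prompt to check the vendor's advisory.
        print(f"{cve_2022_0778_status(s):10}  {s}")
```
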
Multiple vendors and organizations issued advisories and patches for their products using affected OpenSSL versions, including Apple, NetApp, Debian, Oracle, and others. The vulnerability received significant attention due to its potential for denial of service attacks against widely-used TLS implementations (Oracle Advisory, NetApp Advisory).
Source: This report was generated using AI