FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- Command injection vulnerability

Affected packages
openssl < 1.1.1p,1
openssl-devel < 3.0.4
openssl-quictls < 3.0.4

Details

VuXML ID 4eeb93bf-f204-11ec-8fbd-d4c9ef517024
Discovery 2022-06-21
Entry 2022-06-22

The OpenSSL project reports:

Circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.

References

CVE Name CVE-2022-2068
URL https://www.openssl.org/news/secadv/20220621.txt