{"id":"CVE-2022-1292","details":"The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).","modified":"2026-04-16T00:06:10.976656879Z","published":"2022-05-03T16:15:18.823Z","related":["ALSA-2022:5818","ALSA-2022:6224","CGA-qw6h-9f9m-gg78","SUSE-SU-2022:2068-1","SUSE-SU-2022:2075-1","SUSE-SU-2022:2098-1","SUSE-SU-2022:2106-1","SUSE-SU-2022:2182-1","SUSE-SU-2022:2197-1","SUSE-SU-2022:2251-1","SUSE-SU-2022:2251-2","SUSE-SU-2022:2306-1","SUSE-SU-2022:2308-1","SUSE-SU-2022:2321-1","openSUSE-SU-2024:12138-1","openSUSE-SU-2024:12178-1","openSUSE-SU-2024:12204-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"12.4.0.0"}]},{"cpe":"cpe:2.3:a:siemens:brownfield_connectivity_gateway:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"fixed":"2.15"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"10.0"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"11.0"}]},{"cpe":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"35"}]},{"cpe":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"36"}]}]},"references":[{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/"},{"type":"ADVISORY","url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-02"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220602-0009/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220729-0004/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5139"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20220503.txt"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"type":"PACKAGE","url":"https://gitlab.com/fraf0/cve-2022-1292-re_score-analysis"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"527c12ed611f3fe072c3043734319edb2c733099"},{"last_affected":"8d8c986e5716e38cb776b627a8eee9e92241b4ce"},{"introduced":"f9e2c6cd27268e72198bde3c1a71eb1273df335a"},{"last_affected":"c94ce787737f9a6c9a31abe22bee02866698885b"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"last_affected":"8d8c986e5716e38cb776b627a8eee9e92241b4ce"}],"database_specific":{"cpe":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*","cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"9.0"},{"last_affected":"8.0.29"},{"introduced":"5.0.0"},{"last_affected":"5.7.38"},{"introduced":"8.0.0"},{"last_affected":"8.0.29"}]}}],"versions":["mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-5.7.31","mysql-5.7.32","mysql-5.7.35","mysql-5.7.36","mysql-5.7.37","mysql-5.7.38","mysql-8.0.29","mysql-9.0.0","mysql-9.0.0-release","mysql-cluster-8.0.29","mysql-cluster-9.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1292.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"fixed":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"fixed":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"fixed":"4d346a188c27bdf78aa76590c641e1217732ca4b"}],"database_specific":{"cpe":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"1.0.2"},{"fixed":"1.0.2ze"},{"introduced":"1.1.1"},{"fixed":"1.1.1o"},{"introduced":"3.0.0"},{"fixed":"3.0.3"}]}}],"versions":["openssl-3.0.0","openssl-3.0.1","openssl-3.0.2"],"database_specific":{"vanir_signatures":[{"deprecated":false,"digest":{"line_hashes":["28170854778703993674264004058177114599","73132526844288570625317440636111911761","177405411499435185068645597737938634778","224809958623850711330610094965797758930","295554444428855106393106961197201359586"],"threshold":0.9},"signature_version":"v1","target":{"file":"include/openssl/opensslv.h"},"signature_type":"Line","source":"https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86","id":"CVE-2022-1292-c377fa22"},{"deprecated":false,"id":"CVE-2022-1292-e051451f","digest":{"line_hashes":["251633914150035957322733061977107206211","338514574181828579838011565939158652696","76638288692106140328510055542557597351","142922657400765574308962710386922248045","71649992455794854055653842592139575350","65527166711110472566013424527579064967","253196866009476977787139000804413898733","172177136897997206866313011107384691461"],"threshold":0.9},"target":{"file":"crypto/opensslv.h"},"signature_type":"Line","source":"https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8","signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1292.json","vanir_signatures_modified":"2026-04-12T05:16:42Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}]}