{"id":"RUSTSEC-2022-0014","summary":"Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates","details":"The `BN_mod_sqrt()` function, which computes a modular square root, contains\na bug that can cause it to loop forever for non-prime moduli.\n\nInternally this function is used when parsing certificates that contain\nelliptic curve public keys in compressed form or explicit elliptic curve\nparameters with a base point encoded in compressed form.\n\nIt is possible to trigger the infinite loop by crafting a certificate that\nhas invalid explicit curve parameters.\n\nSince certificate parsing happens prior to verification of the certificate\nsignature, any process that parses an externally supplied certificate may thus\nbe subject to a denial of service attack. The infinite loop can also be\nreached when parsing crafted private keys as they can contain explicit\nelliptic curve parameters.\n\nThus vulnerable situations include:\n\n - TLS clients consuming server certificates\n - TLS servers consuming client certificates\n - Hosting providers taking certificates or private keys from customers\n - Certificate authorities parsing certification requests from subscribers\n - Anything else which parses ASN.1 elliptic curve parameters\n\nAlso any other applications that use the `BN_mod_sqrt()` where the attacker\ncan control the parameter values are vulnerable to this DoS issue.","aliases":["BIT-mariadb-2022-0778","BIT-mariadb-min-2022-0778","BIT-mysql-client-2022-0778","BIT-node-2022-0778","BIT-node-min-2022-0778","CVE-2022-0778","GHSA-x3mh-jvjw-3xwx"],"modified":"2025-06-10T12:56:43.828942Z","published":"2022-03-15T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/openssl-src"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2022-0014.html"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20220315.txt"}],"affected":[{"package":{"name":"openssl-src","ecosystem":"crates.io","purl":"pkg:cargo/openssl-src"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"111.18.0"},{"introduced":"300.0.0"},{"fixed":"300.0.5"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0014.json","categories":["denial-of-service"],"cvss":null,"informational":null}}],"schema_version":"1.7.3"}