VPLEX VS2 False positive Security Vulnerability OpenSSL DOS
Summary: See the 'Recommendation' section below for details.
Security Article Type
Security KB
CVE Identifier
CVE-2022-0778
Issue Summary
See the 'Recommendation' section below for details.
Recommendations
The vulnerabilities listed in the table below are ordered by the date on which Dell EMC VPLEX determined that all versions of Dell EMC VPLEX VS2 are not vulnerable.
| Third-party Component | CVE-IDs | Summary of Vulnerability | Reason why the product is not vulnerable | Date Determined False Positive |
|---|---|---|---|---|
| OpenSSL | CVE-2022-0778 | Any process that parses an externally supplied certificate may be subject to a denial of service attack since certificate parsing happens prior to verification of the certificate signature. This allows forming an infinite loop in the process of parsing crafted private keys if they contain explicit elliptic curve parameters. Usually, an attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature as per OpenSSL. | This vulnerability affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It is addressed in releases 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (affected: 3.0.0, 3.0.1). Fixed in OpenSSL 1.1.1n (affected: 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (affected: 1.0.2-1.0.2zc). The 6.2 P4 openssl versions listed below are not affected by the vulnerability: openssl-0.9.8j-0.106.21.1, openssl1-1.0.1g-0.58.18.1 | 23 March-2022 |
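The version ranges in the table can be checked mechanically against a package or `openssl version` string. The following is an added example, not Dell or OpenSSL code; the function names and the sample strings other than the two package names from the table are constructed for illustration. It handles the lettered patch ordering (`z` is followed by `za`, `zb`, ...), which a plain string comparison gets wrong.

```python
import re

# Finds the first "N.N.N[letters]" token, e.g. "1.0.1g" in "openssl1-1.0.1g-0.58.18.1".
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def letter_rank(suffix):
    """Order OpenSSL patch letters: '' < a < ... < z < za < zb < ..."""
    if not suffix:
        return 0
    if not re.fullmatch(r"z*[a-z]", suffix):
        raise ValueError(f"unexpected patch suffix: {suffix!r}")
    return 26 * (len(suffix) - 1) + (ord(suffix[-1]) - ord("a") + 1)


def parse(text):
    """Return (major, minor, patch, letter_rank) from a version or package string."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, letter_rank(m.group(4))


def classify(text):
    """Compare a version against the CVE-2022-0778 ranges given in the table."""
    major, minor, patch, rank = parse(text)
    if (major, minor) == (3, 0):          # affected 3.0.0-3.0.1, fixed 3.0.2
        return "affected" if patch < 2 else "fixed"
    if (major, minor, patch) == (1, 1, 1):  # affected 1.1.1-1.1.1m, fixed 1.1.1n
        return "affected" if rank < letter_rank("n") else "fixed"
    if (major, minor, patch) == (1, 0, 2):  # affected 1.0.2-1.0.2zc, fixed 1.0.2zd
        return "affected" if rank < letter_rank("zd") else "fixed"
    return "outside listed ranges"


if __name__ == "__main__":
    samples = [
        "openssl-0.9.8j-0.106.21.1",    # package name from the table
        "openssl1-1.0.1g-0.58.18.1",    # package name from the table
        "OpenSSL 1.1.1m",               # constructed sample
        "OpenSSL 1.0.2zc",              # constructed sample
        "OpenSSL 3.0.2",                # constructed sample
    ]
    for s in samples:
        print(f"{s:32} {classify(s)}")
```

A version-string match is first-pass triage only: vendor packages that backport fixes keep the upstream version number, so confirm a hit against the vendor's package changelog.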
Affected Products
VPLEX VS2
Article Properties
Article Number: 000198132
Article Type: Security KB
Last Modified: 07 Apr 2022
Version: 1