Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

OpenSSL Infinite loop when parsing certificates CVE-2022-0778

MicahMicah SonicWall Employee

A vulnerability CVE-2022-0778 was found in OpenSSL that allows to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate leads to a DoS (Denial of service) attack.

SonicWall is investigating its product line to determine which products and cloud services may be affected by this vulnerability.

Learn more at https://www.sonicwall.com/support/notices/security-notice-openssl-infinite-loop-when-parsing-certificates-cve-2022-0778/220412121029153/

Category: Water Cooler
Reply

@micah - SonicWall's Self-Service Sr. Manager

Comments

Sign In or Register to comment.