CVE-2022-3358

Summary

Using a Custom Cipher with `NID_undef` may lead to NULL encryption

Severity

high

EPSS

2.9% (p85)

Also known as

GHSA-4f63-89w9-3jjv, RUSTSEC-2022-0059

Published

2022-10-11

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-3358
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b
• https://github.com/alexcrichton/openssl-src-rs

Related advisories

• CVE-2022-4203 — critical · crates.io/openssl-src
• CVE-2022-3602 — critical · crates.io/openssl-src
• CVE-2021-3711 — critical · crates.io/openssl-src
• CVE-2023-0215 — high · crates.io/openssl-src
• CVE-2023-0216 — high · crates.io/openssl-src
• CVE-2022-4450 — high · crates.io/openssl-src
• CVE-2023-0217 — high · crates.io/openssl-src
• CVE-2023-0401 — high · crates.io/openssl-src

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity