It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. Vulnerability Details CVE-2022-0778ĬVE description: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Please find further details on the security advisory of the supplier.
#Mguard rs 2000 update update
It is strongly recommended to update the firmware version of the affected devices. Solution and Mitigations Update to the latest released versions
0 kommentar(er)
