FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
nothing found there
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|fceb2b08-cb76-11ec-a06f-d4c9ef517024||OpenSSL -- Multiple vulnerabilities|
The OpenSSL project reports:
- The c_rehash script allows command injection (CVE-2022-1292)
The c_rehash script does not properly sanitise shell
metacharacters to prevent command injection. This script is distributed
by some operating systems in a manner where it is automatically
executed. On such operating systems, an attacker could execute arbitrary
commands with the privileges of the script.
- OCSP_basic_verify may incorrectly verify the response signing
certificate (CVE-2022-1343) (Moderate)
`OCSP_basic_verify` verifies the signer certificate on an OCSP response.
In the case where the (non-default) flag OCSP_NOCHECKS is used then the
response will be positive (meaning a successful verification) even in
the case where the response signing certificate fails to verify.
- Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite
incorrectly uses the AAD data as the MAC key. This makes the MAC key
- Resource leakage when decoding certificates and keys (CVE-2022-1473)
The OPENSSL_LH_flush() function, which empties a hash table,
containsa bug that breaks reuse of the memory occuppied by the removed
hash table entries.