The OpenSSL team announced CVE-2022-0778, a denial of service vulnerability (infinite CPU loop) in BN_mod_sqrt() that can be reached when parsing an SSL certificate.
All SSL clients, SSL servers accepting client certificates, and all applications parsing user-provided X.509 certificates are affected.
This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.
It was addressed in releases 1.1.1n and 3.0.2 on 15 March 2022.
Fixed in OpenSSL 3.0.2 (Affected 3.0.0, 3.0.1).
Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m).
Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
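To check a host against the ranges listed above, the following added example (not code from OpenSSL or from the vendor) classifies a version string as printed by `openssl version`. The function and table names are hypothetical, and it assumes OpenSSL 1.x letter suffixes sort as "", a..z, za, zb and so on.

```python
import re
import ssl

# First fixed release per branch, taken from the advisory text above.
FIXED = {
    (1, 0, 2): "zd",   # 1.0.2 - 1.0.2zc affected
    (1, 1, 1): "n",    # 1.1.1 - 1.1.1m affected
    (3, 0): 2,         # 3.0.0, 3.0.1 affected
}

# Accepts "OpenSSL 1.1.1k  25 Mar 2021" or a bare "1.1.1k"; other
# libraries (for example LibreSSL) do not match and yield None.
_VERSION_RE = re.compile(r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")


def _letter_key(suffix):
    # Assumed ordering of 1.x patch letters: "", a..z, then za, zb, ...
    # Sorting by (length, text) reproduces that order.
    return (len(suffix), suffix)


def is_affected(version_text):
    """Return True/False for a listed branch, None if the branch is not listed."""
    m = _VERSION_RE.match(version_text.strip())
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    letters = m.group(4)
    if (major, minor) == (3, 0):
        # 3.0 uses a numeric patch level instead of letters.
        return patch < FIXED[(3, 0)]
    fixed_letters = FIXED.get((major, minor, patch))
    if fixed_letters is None:
        return None
    return _letter_key(letters) < _letter_key(fixed_letters)


if __name__ == "__main__":
    # Reports on the OpenSSL build this Python interpreter is linked against.
    print(ssl.OPENSSL_VERSION, "->", is_affected(ssl.OPENSSL_VERSION))
```

Distribution packages may backport the fix without changing the upstream version string, so a `True` result should be confirmed against the package vendor's advisory.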
SGOS 6.7.5.17 includes a fix that addresses the OpenSSL High Severity Security Patch for 1.0.2zd, 1.1.1n and 3.0.2.
Internal BUG SG-30816