Is Security Analytics affected by CVE-2022-0778?

Article ID: 242241

Products

Security Analytics, Security Analytics - VA

Issue/Introduction

A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack.

Resolution

Security Analytics is affected by this vulnerability, which will be resolved in version 8.2.6 or greater.

Additional Information

https://access.redhat.com/security/cve/cve-2022-0778