OpenSSL 3.0.4 Vulnerability CVE-2022-2274: Heap Memory Corruption with RSA Private Key Operation

Sicherheit (Pexels, allgemeine Nutzung)[German]A vulnerability CVE-2022-2274 exists in OpenSSL that could lead to heap memory corruption with RSA private key operations. It affects OpenSSL 3.0.4 and the vulnerability is rated High in severity. A second vulnerability CVE-2022-2097 causes AES OCB to fail to encrypt some bytes. This vulnerability is rated Moderate.


I became aware of the issue via the following tweet, which is described in this OpenSSL Security Advisory.

OpenSSL 3.0.4 Schwachstelle CVE-2022-2274

Vulnerability CVE-2022-2274: Heap memory corruption

OpenSSL 3.0.4 contains a fatal flaw in the RSA implementation for X86_64 CPUs that support the AVX512IFMA instructions. This issue causes an incorrect RSA implementation for 2048-bit private keys. As a result, memory corruption occurs during computation, which may allow an attacker to force remote code execution on the machine performing the computation.

SSL/TLS servers or other servers that use private 2048-bit RSA keys and run on machines that support AVX512IFMA instructions on the X86-64 architecture are affected by this issue. Users of OpenSSL 3.0.4 should upgrade to OpenSSL 3.0.5. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Vulnerability CVE-2022-2097: AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES NI assembly-optimized implementation may fail to encrypt all data. This could expose sixteen bytes of data that was already in memory and not written.  In the specific case of "in place" encryption, sixteen bytes of plaintext would be exposed. The vulnerability is rated as moderate.


Since OpenSSL does not support OCB-based cipher suites for TLS and DTLS, neither is affected. This issue affects versions 1.1.1 and 3.0, and was fixed in versions 1.1.1q and 3.0.5 on July 5, 2022. Users of OpenSSL 1.1.1 should upgrade to 1.1.1q. Users of OpenSSL 3.0 should upgrade to 3.0.5.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software and tagged . Bookmark the permalink.

2 Responses to OpenSSL 3.0.4 Vulnerability CVE-2022-2274: Heap Memory Corruption with RSA Private Key Operation

  1. Phyo Maw says:

    Hi sir,
    Can users of openssl 1.0.1e be affected by this issue?

Leave a Reply

Your email address will not be published. Required fields are marked *