CVE-2022-2068: The c_rehash script allows command injection

Published Jun 15, 2022
·
Updated

A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.

Other sources

In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the crehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

The crehash script allows command injection

Microsoft

Affected Software

95 affected componentsFixes available
redhat/jbcs-httpd24-openssl<1:1.1.1k-13.el8
1:1.1.1k-13.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-13.el7
1:1.1.1k-13.el7
redhat/openssl<1:1.1.1k-7.el8_6
1:1.1.1k-7.el8_6
redhat/openssl<1:3.0.1-41.el9_0
1:3.0.1-41.el9_0
redhat/jws5-tomcat-native<0:1.2.31-11.redhat_11.el7
0:1.2.31-11.redhat_11.el7
redhat/jws5-tomcat-native<0:1.2.31-11.redhat_11.el8
0:1.2.31-11.redhat_11.el8
redhat/jws5-tomcat-native<0:1.2.31-11.redhat_11.el9
0:1.2.31-11.redhat_11.el9
debian/openssl
1.1.1w-0+deb11u11.1.1w-0+deb11u23.0.15-1~deb12u13.0.14-1~deb12u23.5.0-1
OpenSSL OpenSSL>=1.0.2<1.0.2zf
OpenSSL OpenSSL>=1.1.1<1.1.1p
OpenSSL OpenSSL>=3.0.0<3.0.4
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Siemens Sinec Ins<1.0
Siemens Sinec Ins=1.0
Siemens Sinec Ins=1.0-sp1
Siemens Sinec Ins=1.0-sp2
NetApp Element Software
NetApp Hci Management Node
NetApp Ontap Antivirus Connector
NetApp ONTAP Select Deploy administration utility
NetApp Santricity Smi-s Provider
NetApp Smi-s Provider
NetApp Snapmanager Hyper-v
NetApp Solidfire
NetApp Bootstrap Os
NetApp Hci Compute Node
NetApp H615c Firmware
NetApp H615c
NetApp H610s Firmware
NetApp H610s
NetApp H610c Firmware
NetApp H610c
NetApp H410c Firmware
NetApp H410c
NetApp H300s Firmware
NetApp H300s
NetApp H500s Firmware
NetApp H500s
NetApp H700s Firmware
NetApp H700s
NetApp H410s Firmware
NetApp H410s
NetApp Fas 8300 Firmware
NetApp Fas 8300
NetApp Fas 8700 Firmware
NetApp Fas 8700
NetApp Fas A400 Firmware
NetApp Fas A400
NetApp Aff 8300 Firmware
NetApp Aff 8300
NetApp Aff 8700 Firmware
NetApp Aff 8700
NetApp Aff A400 Firmware
NetApp Aff A400
Broadcom Sannav
All of the following
NetApp Bootstrap Os
NetApp Hci Compute Node
All of the following
NetApp H615c Firmware
NetApp H615c
All of the following
NetApp H610s Firmware
NetApp H610s
All of the following
NetApp H610c Firmware
NetApp H610c
All of the following
NetApp H410c Firmware
NetApp H410c
All of the following
NetApp H300s Firmware
NetApp H300s
All of the following
NetApp H500s Firmware
NetApp H500s
All of the following
NetApp H700s Firmware
NetApp H700s
All of the following
NetApp H410s Firmware
NetApp H410s
All of the following
NetApp Fas 8300 Firmware
NetApp Fas 8300
All of the following
NetApp Fas 8700 Firmware
NetApp Fas 8700
All of the following
NetApp Fas A400 Firmware
NetApp Fas A400
All of the following
NetApp Aff 8300 Firmware
NetApp Aff 8300
All of the following
NetApp Aff 8700 Firmware
NetApp Aff 8700
All of the following
NetApp Aff A400 Firmware
NetApp Aff A400
IBM Watson Studio on Cloud Pak for Data<=4.0
IBM Watson Studio on Cloud Pak for Data<=5.0
redhat/openssl<1.0.2
1.0.2
redhat/openssl<1.1.1
1.1.1
redhat/openssl<3.0.4
3.0.4
Microsoft cbl2 openssl 1.1.1k-17
Patch available
Microsoft cm1 openssl 1.1.1k-12
Patch available

Remediation

Information

As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool.

Patch Available

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa

Patch Available

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7

Patch Available

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa

Patch Available

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9

Patch Available

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7

Event History

Jun 15, 2022
Data Sourced
via Red Hat·12:16 PM
DescriptionSeverityAffected Software
Jun 21, 2022
CVE Published
12:00 AM
CVE Published
via MITRE·02:45 PM
Data Sourced
via MITRE·02:45 PM
DescriptionWeakness
Data Sourced
via NVD·03:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Jun 30, 2022
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverityWeakness
Jan 12, 2024
Data Sourced
via Launchpad·12:05 AM
Description
Sep 20, 2024
Data Sourced
via Ubuntu·02:40 AM
RemedyDescriptionSeverityAffected Software
Aug 28, 2025
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the vulnerability ID?

The vulnerability ID is CVE-2022-2068.

2

What is the severity of CVE-2022-2068?

The severity of CVE-2022-2068 is critical with a severity value of 9.8.

3

What is the affected software?

The affected software includes OpenSSL versions 1.0.2 to 1.0.2zf, 1.1.1 to 1.1.1p, and 3.0.0 to 3.0.4, as well as certain packages from Red Hat, Debian, and other sources.

4

How can a remote attacker exploit CVE-2022-2068?

A remote attacker can exploit CVE-2022-2068 by injecting arbitrary commands into the c_rehash script, leading to command injection and potential execution of arbitrary commands on the system.

5

Are there any remediation steps available?

Yes, there are remediation steps available. Please refer to the provided references for detailed instructions and patches.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203