855488 – (CVE-2022-2274) =dev-libs/openssl-3.0.4: AVX512 buffer overflow

Bug 855488 (CVE-2022-2274) - =dev-libs/openssl-3.0.4: AVX512 buffer overflow

Summary: =dev-libs/openssl-3.0.4: AVX512 buffer overflow

Status:	RESOLVED FIXED

Alias:	CVE-2022-2274

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2022-07-01 07:52 UTC by Sam James
Modified:	2022-07-01 07:52 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/openssl/openssl/issues/18625
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2022-07-01 07:52:01 UTC

This only affected *exactly* =dev-libs/openssl-3.0.4 (and OpenSSL 3 is still masked) and is fixed in -r1. The bad version was only in the tree for a few hours.

Filing for posterity but no action required from us.