
CVE-2022-0778: OpenSSL Denial of Service Vulnerability

Open Eulenator opened this issue 2 years ago • 1 comments

I checked my trivy scans this morning and the CVE-2022-0778 popped up in the haproxytech/kubernetes-ingress:1.7.7 image. I am wondering if this vulnerability will be fixed in the near future?

```
haproxytech/kubernetes-ingress:1.7.7 (alpine 3.15.0)

Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 4, CRITICAL: 0)

+--------------+------------------+----------+-------------------+---------------+--------------------------------------+
|   LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+--------------+------------------+----------+-------------------+---------------+--------------------------------------+
| libcrypto1.1 | CVE-2022-0778    | HIGH     | 1.1.1l-r8         | 1.1.1n-r0     | openssl: Infinite loop in            |
|              |                  |          |                   |               | BN_mod_sqrt() reachable              |
|              |                  |          |                   |               | when parsing certificates            |
|              |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-0778 |
+--------------+                  +          +-------------------+---------------+                                      +
| libretls     |                  |          | 3.3.4-r2          | 3.3.4-r3      |                                      |
|              |                  |          |                   |               |                                      |
|              |                  |          |                   |               |                                      |
|              |                  |          |                   |               |                                      |
+--------------+                  +          +-------------------+---------------+                                      +
| libssl1.1    |                  |          | 1.1.1l-r8         | 1.1.1n-r0     |                                      |
|              |                  |          |                   |               |                                      |
|              |                  |          |                   |               |                                      |
|              |                  |          |                   |               |                                      |
+--------------+                  +          +                   +               +                                      +
| openssl      |                  |          |                   |               |                                      |
|              |                  |          |                   |               |                                      |
|              |                  |          |                   |               |                                      |
|              |                  |          |                   |               |                                      |
+--------------+------------------+----------+-------------------+---------------+--------------------------------------+
```

Eulenator, Mar 21 '22 09:03

@Eulenator Work is being done to remedy this.

dkorunic, Mar 21 '22 10:03

Long resolved, forgot to mark as done..

dkorunic, Sep 15 '22 10:09