CVE-2022-1473: Resource leakage when decoding certificates and keys

CVSS Score (CVSS 3.1): 7.5

Basic Information

EPSS Score: 0.46921%
Published: 5/4/2022
Updated: 8/17/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name   Ecosystem   Vulnerable Versions      First Patched Version
openssl-src    rust        >= 300.0.0, < 300.0.6    300.0.6

Vulnerability Intelligence

Miggo AI Root Cause Analysis

  1. The vulnerability description explicitly names OPENSSL_LH_flush as the problematic function.
  2. The commit diff shows the fix adds 'lh->num_items = 0' to this function, confirming improper cleanup.
  3. CWE-459 (Incomplete Cleanup) directly maps to the failure to reset the item count.
  4. All advisory sources (OpenSSL, NVD, RustSec) consistently reference this function as the root cause.
  5. The memory leak mechanism described matches the function's responsibility for hash table management during certificate/key decoding operations.
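
Added example, not OpenSSL's code and not part of this advisory record: a toy chained hash table that follows the LHASH shape the analysis above refers to (grow when the item count reaches the bucket count) and a flush routine whose counter reset can be switched off, so the effect of the missing `lh->num_items = 0` from point 2 can be observed directly as bucket growth across repeated decode-and-flush cycles. The 16-bucket start size, the `cert-N` keys and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy chained hash table shaped like OpenSSL's LHASH: the bucket array doubles once
 * num_items reaches num_nodes. Constructed for this example; it is not OpenSSL code. */
typedef struct node { char *key; struct node *next; } node;
typedef struct { node **buckets; size_t num_nodes, num_items; } table;
static size_t hash_str(const char *s) {
    size_t h = 5381;
    while (*s) h = h * 33 + (unsigned char)*s++;
    return h;
}
/* Growth is driven by num_items, so a stale count keeps growing a table that is empty. */
static void table_insert(table *t, const char *key) {
    if (t->num_items >= t->num_nodes) {
        size_t n = t->num_nodes * 2, b;
        node **nb = calloc(n, sizeof *nb);
        for (size_t i = 0; i < t->num_nodes; i++)
            for (node *p = t->buckets[i], *nx; p; p = nx) {
                nx = p->next; b = hash_str(p->key) % n;
                p->next = nb[b]; nb[b] = p;
            }
        free(t->buckets); t->buckets = nb; t->num_nodes = n;
    }
    node *nd = malloc(sizeof *nd);
    nd->key = malloc(strlen(key) + 1); strcpy(nd->key, key);
    size_t b = hash_str(key) % t->num_nodes;
    nd->next = t->buckets[b]; t->buckets[b] = nd; t->num_items++;
}
/* Free every entry. reset_count == 0 mirrors the CVE-2022-1473 defect (CWE-459):
 * the nodes are freed but num_items keeps its stale value. */
static void table_flush(table *t, int reset_count) {
    for (size_t i = 0; i < t->num_nodes; i++) {
        for (node *p = t->buckets[i], *nx; p; p = nx) { nx = p->next; free(p->key); free(p); }
        t->buckets[i] = NULL;
    }
    if (reset_count) t->num_items = 0;   /* the fix from the commit: lh->num_items = 0 */
}
/* Model a long-lived process that decodes (inserts) and flushes repeatedly; returns the
 * final bucket count, which should stay constant because the table is empty after each cycle. */
static size_t simulate(int fixed, int cycles, int items_per_cycle) {
    table t = { calloc(16, sizeof(node *)), 16, 0 };
    char key[32];
    for (int c = 0; c < cycles; c++) {
        for (int i = 0; i < items_per_cycle; i++) { snprintf(key, sizeof key, "cert-%d", i); table_insert(&t, key); }
        table_flush(&t, fixed);
    }
    free(t.buckets); return t.num_nodes;
}
```

With the fix the bucket count stays at 16 however many cycles run; with the stale counter it doubles every time the accumulated count crosses the current size, which is the unbounded memory use and ever-slower traversal of empty entries that makes this an availability (A:H) issue.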

WAF Protection Rules

WAF Rule

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically …
