7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-1473

GHSA ID

GHSA-g323-fr93-4j3c

EPSS Score

0.46921%

CWE

CWE-404

Published

5/4/2022

Updated

8/17/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-1473

CVE-2022-1473: Resource leakage when decoding certificates and keys

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-1473

GHSA ID

GHSA-g323-fr93-4j3c

EPSS Score

0.46921%

CWE

CWE-404

Published

5/4/2022

Updated

8/17/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
openssl-src	rust	>= 300.0.0, < 300.0.6	300.0.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly names OPENSSL_LH_flush as the problematic function.
The commit diff shows the fix adds 'lh->num_items = 0' to this function, confirming improper cleanup.
CWE-459 (Incomplete Cleanup) directly maps to the failure to reset the item count.
All advisory sources (OpenSSL, NVD, RustSec) consistently reference this function as the root cause.
The memory leak mechanism described matches the function's responsibility for hash table management during certificate/key decoding operations.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** OP*NSSL_L*_*lus*() *un*tion, w*i** *mpti*s * **s* t**l*, *ont*ins * *u* t**t *r**ks r*us* o* t** m*mory o**uppi** *y t** r*mov** **s* t**l* *ntri*s. T*is *un*tion is us** w**n ***o*in* **rti*i**t*s or k*ys. I* * lon* liv** pro**ss p*rio*i**lly **

Reasoning

*. T** vuln*r**ility **s*ription *xpli*itly n*m*s OP*NSSL_L*_*lus* *s t** pro*l*m*ti* *un*tion. *. T** *ommit *i** s*ows t** *ix ***s 'l*->num_it*ms = *' to t*is *un*tion, *on*irmin* improp*r *l**nup. *. *W*-*** (In*ompl*t* *l**nup) *ir**tly m*ps to

7.5

Basic Information

Concerned about an active attack path?

CVE-2022-1473: Resource leakage when decoding certificates and keys

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI