Qnap Security Advisory | Bulletin ID: QSA-22-17 on Multiple Vulnerabilities in OpenSSL
Company’s products not affected
This is a Press Release edited by StorageNewsletter.com on May 25, 2022 at 2:01 pmQnap Systems, Inc. had published security enhancement against security vulnerabilities that could affect specific versions of company’s products.
Use the following information and solutions to correct the security issues and vulnerabilities.
Multiple vulnerabilities in OpenSSL
Release date: May 23, 2022
Security ID: QSA-22-17
Severity: Information
CVE identifier: CVE-2022-1292 | CVE-2022-1343 | CVE-2022-1434 | CVE-2022-1473
Affected products: None
Status: Not Affected
Summary
OpenSSL recently disclosed multiple vulnerabilities:
-
CVE-2022-1292: The c_rehash script allows command injection
-
CVE-2022-1343: OCSP_basic_verify may incorrectly verify the response signing certificate
-
CVE-2022-1434: Incorrect MAC key used in the RC4-MD5 ciphersuite
-
CVE-2022-1473: Resource leakage when decoding certificates and keys
Qnap’s products are not affected.
Revision history: V1.0 (May 23, 2022) – Published
Subscribe to our free daily newsletter
