The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2022-0778

CVE-2022-0778: OpenSSL DoS Vulnerability

CVE-2022-0778 is a denial of service flaw in OpenSSL that triggers infinite loops through crafted certificates with invalid elliptic curve parameters. This article covers technical details, affected versions, and mitigation.

Published: February 25, 2026

CVE-2022-0778 Overview

CVE-2022-0778 is an infinite loop vulnerability in OpenSSL's BN_mod_sqrt() function, which computes a modular square root. The bug causes the function to loop indefinitely when processing non-prime moduli, enabling attackers to trigger a denial of service condition. This function is internally used when parsing certificates containing elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.

An attacker can exploit this vulnerability by crafting a certificate with invalid explicit curve parameters, causing any process that parses externally supplied certificates to become unresponsive. Since certificate parsing occurs before signature verification, systems are vulnerable even when processing untrusted certificates.

Critical Impact

Network-accessible services using OpenSSL for TLS can be rendered unavailable through maliciously crafted certificates, affecting TLS servers, TLS clients, certificate authorities, and hosting providers processing customer certificates.

Affected Products

  • OpenSSL 1.0.2 through 1.0.2zc
  • OpenSSL 1.1.1 through 1.1.1m
  • OpenSSL 3.0.0 through 3.0.1
  • Debian Linux 9.0, 10.0, 11.0
  • NetApp Cloud Volumes ONTAP Mediator, Clustered Data ONTAP, StorageGRID
  • Fedora 34, 36
  • Tenable Nessus
  • MariaDB
  • Node.js

Discovery Timeline

  • March 15, 2022 - CVE-2022-0778 published to NVD
  • March 15, 2022 - OpenSSL releases security patches (versions 1.1.1n and 3.0.2)
  • November 21, 2024 - Last updated in NVD database

Technical Details for CVE-2022-0778

Vulnerability Analysis

The vulnerability resides in the BN_mod_sqrt() function within OpenSSL's big number (BN) library. This function is designed to compute the modular square root of a number, a mathematical operation essential for elliptic curve cryptography operations. The flaw manifests when the function receives a non-prime modulus as input, causing it to enter an infinite loop rather than returning an error or handling the edge case gracefully.

The impact is particularly severe because the vulnerable function is invoked during certificate parsing—a routine operation that occurs before any authentication or verification takes place. This means that merely receiving a malicious certificate is sufficient to trigger the denial of service, regardless of whether the certificate is valid or trusted.

Root Cause

The root cause is improper loop termination logic in the BN_mod_sqrt() function when handling non-prime moduli. The function's algorithm assumes it will eventually find a solution or determine no solution exists, but with carefully crafted non-prime moduli, the termination condition is never satisfied. This is classified as CWE-835 (Loop with Unreachable Exit Condition), also known as an infinite loop vulnerability.

Attack Vector

The attack can be delivered through multiple vectors, all involving the parsing of maliciously crafted cryptographic data:

TLS Client Attacks: A malicious server can send a crafted server certificate to TLS clients, causing the client application to hang indefinitely when parsing the certificate.

TLS Server Attacks: A malicious client can present a crafted client certificate during mutual TLS authentication, causing the server to become unresponsive.

Certificate Authority Attacks: Attackers can submit crafted Certificate Signing Requests (CSRs) to certificate authorities, potentially disrupting CA operations.

Self-Signed Certificate Attack: In OpenSSL 1.0.2, where public key parsing is deferred, attackers can use self-signed certificates to trigger the loop during signature verification.

The vulnerability can be triggered through any application using the BN_mod_sqrt() function where an attacker controls the parameter values, extending beyond certificate processing to any cryptographic operation utilizing this function.

Detection Methods for CVE-2022-0778

Indicators of Compromise

  • Processes consuming 100% CPU indefinitely when handling TLS connections or certificate operations
  • OpenSSL-dependent services becoming unresponsive without apparent cause
  • Abnormal increase in connection timeouts from TLS-enabled services
  • Log entries showing incomplete or stalled certificate parsing operations

Detection Strategies

  • Monitor CPU utilization for OpenSSL-linked processes showing sustained high CPU without corresponding network activity
  • Implement watchdog timers around certificate parsing operations to detect hung processes
  • Deploy network intrusion detection rules to identify certificates with unusual elliptic curve parameters
  • Use application performance monitoring to track TLS handshake durations for anomalies

Monitoring Recommendations

  • Enable detailed logging for certificate processing operations to identify parsing delays
  • Set up alerts for service availability degradation on TLS-enabled endpoints
  • Monitor thread pool exhaustion in applications handling concurrent TLS connections
  • Track connection queue depths for services accepting TLS connections

How to Mitigate CVE-2022-0778

Immediate Actions Required

  • Upgrade OpenSSL to version 3.0.2, 1.1.1n, or 1.0.2zd immediately
  • Restart all services linked against OpenSSL after upgrading the library
  • Review and update all embedded systems and appliances that bundle OpenSSL
  • Check dependent software (Node.js, MariaDB, Nessus) for vendor-specific patches

Patch Information

OpenSSL released patches on March 15, 2022. The fix adds proper validation of moduli in the BN_mod_sqrt() function to prevent infinite loops. Apply the following version upgrades based on your deployment:

Affected VersionFixed Version
OpenSSL 3.0.0-3.0.13.0.2
OpenSSL 1.1.1-1.1.1m1.1.1n
OpenSSL 1.0.2-1.0.2zc1.0.2zd

Refer to the OpenSSL Security Advisory 20220315 for official patch information. Additional vendor-specific advisories are available from Debian Security Advisory DSA-5103, NetApp Security Advisory NTAP-20220321-0002, and Oracle Security Alerts.

Workarounds

  • Implement network-level filtering to block certificates with suspicious elliptic curve parameters where feasible
  • Configure process supervisors to automatically restart OpenSSL-dependent services that become unresponsive
  • Implement connection timeouts and circuit breakers for TLS handshake operations
  • Consider temporarily disabling elliptic curve cipher suites if patching cannot be performed immediately (note: this may significantly impact security and compatibility)
bash
# Verify OpenSSL version to confirm patched status
openssl version -a

# Check if your OpenSSL is vulnerable (versions before 1.1.1n, 3.0.2, or 1.0.2zd are affected)
# Expected output for patched versions:
# OpenSSL 1.1.1n  15 Mar 2022
# OpenSSL 3.0.2   15 Mar 2022
# OpenSSL 1.0.2zd  15 Mar 2022

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechOpenssl
  • SeverityHIGH
  • CVSS Score7.5
  • EPSS Probability8.30%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-835
  • Technical References
  • Packet Storm Security Report
  • Full Disclosure Post #33
  • Full Disclosure Post #35
  • Full Disclosure Post #38
  • Siemens Security Advisory SSA-712929
  • OpenSSL Commit Diff #3118eb6
  • OpenSSL Commit Diff #3800854
  • OpenSSL Commit Diff #a466912
  • Debian LTS Announcement #23
  • Debian LTS Announcement #24
  • Fedora Package Announcement #1
  • Fedora Package Announcement #2
  • Fedora Package Announcement #3
  • SonicWall Security Advisory SNWLID-2022-0002
  • Gentoo GLSA 202210-02
  • NetApp Security Advisory NTAP-20220321-0002
  • NetApp Security Advisory NTAP-20220429-0005
  • NetApp Security Advisory NTAP-20240621-0006
  • Apple Support Document HT213255
  • Apple Support Document HT213256
  • Apple Support Document HT213257
  • Debian Security Advisory DSA-5103
  • Oracle Security Alert April 2022
  • Oracle Security Alert July 2022
  • Tenable Security Notice TNS-2022-06
  • Tenable Security Notice TNS-2022-07
  • Tenable Security Notice TNS-2022-08
  • Tenable Security Notice TNS-2022-09
  • Vendor Resources
  • OpenSSL Security Advisory 20220315
  • Related CVEs
  • CVE-2026-22795: OpenSSL PKCS#12 Parsing DoS Vulnerability
  • CVE-2025-69421: OpenSSL PKCS#12 DoS Vulnerability
  • CVE-2025-69420: OpenSSL TimeStamp DoS Vulnerability
  • CVE-2025-66199: OpenSSL TLS 1.3 DoS Vulnerability
Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English