{"vulnerability": "CVE-2022-1292", "sightings": [{"uuid": "4798df1d-18fe-4aae-9b50-684c7148448b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mb6oextkyl2a", "content": "", "creation_timestamp": "2025-12-30T06:01:07.398412Z"}, {"uuid": "a9f7ea98-09a0-4f04-9c19-8fb02c1e89bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2321", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-1292 c_rehash POC\nURL\uff1ahttps://github.com/alcaparra/CVE-2022-1292\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-30T14:51:53.000000Z"}, {"uuid": "eb82ed8d-4710-4683-8ec1-11ddd40b9237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2313", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoCb of OpenSSL CVE-2022-1292\nURL\uff1ahttps://github.com/Ghost1032/CVE-2022-1292\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-29T06:00:37.000000Z"}, {"uuid": "16cb9c81-7100-4c67-9755-2931d69b8f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "seen", "source": "https://t.me/poxek/2419", "content": "#CVE #POC\n\nOpenSSL c_rehash Vulnerability\nCVE-2022-1292\n\nA flaw was found in OpenSSL. The c_rehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.", "creation_timestamp": "2022-09-01T09:00:04.000000Z"}, {"uuid": "a4e696a3-3bd1-46eb-9095-20acebf7abc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2279", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-1292\nURL\uff1ahttps://github.com/li8u99/CVE-2022-1292\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-24T09:55:00.000000Z"}, {"uuid": "05059ceb-55d1-4c9e-999e-6fc92a10e3e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/610", "content": "CVE-2022-1292\n\nOpenSSL - OS Command Injection\n\nhttps://github.com/li8u99/CVE-2022-1292", "creation_timestamp": "2022-05-30T08:59:34.000000Z"}, {"uuid": "606a87f8-61a4-40bc-8795-fc446e4f71d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/185", "content": "CVE-2022-1292 : OpenSSL - OS Command Injection\nCheck : https://github.com/li8u99/CVE-2022-1292\nPOC : https://github.com/rama291041610/CVE-2022-1292\nPOC : https://github.com/alcaparra/CVE-2022-1292", "creation_timestamp": "2022-05-31T01:30:11.000000Z"}, {"uuid": "86f81c7f-5e68-41da-9bf6-4c4ccc9267c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "published-proof-of-concept", "source": "Telegram/0Lw3YjLwuWuLrf0qZ8fbgWgfEczjwxfYsoa2lxVfd1RGCw", "content": "", "creation_timestamp": "2022-05-25T13:13:47.000000Z"}, {"uuid": "3a3f50f3-6382-48ae-aa49-82fe1c146e5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "seen", "source": "https://t.me/cibsecurity/44911", "content": "\u203c CVE-2022-2068 \u203c\n\nIn addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T18:27:59.000000Z"}, {"uuid": "0b15203c-d8ac-4735-9a13-397fb493c2c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-1292", "type": "seen", "source": "https://t.me/cibsecurity/41824", "content": "\u203c CVE-2022-1292 \u203c\n\nThe c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T20:33:53.000000Z"}]}