Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 782 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CVE-2022-0778 for Sophos XG and XGS firewalls

John huong

Are the Sophos XG and XGS firewalls affected by CVE-2022-0778 ?



This thread was automatically locked due to age.
Parents
  • 0

    Had to go look it up: "The issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what's called an "infinite loop." The flaw resides in a function called BN_mod_sqrt () that's used to compute the modular square root." Which can result in a denial-of-service on the server end.

Reply
  • 0

    Had to go look it up: "The issue stems from parsing a malformed certificate with invalid explicit elliptic-curve parameters, resulting in what's called an "infinite loop." The flaw resides in a function called BN_mod_sqrt () that's used to compute the modular square root." Which can result in a denial-of-service on the server end.

Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?