IRONSMITHINTEL
HIGH · CVSS 7.5
CVE-2022-0778 | Auth: none | Reboot: not required | Est. 20–40 minutes | Manual only

OpenSSL < 1.1.1n — DoS

A malformed certificate with invalid elliptic-curve parameters sends any application that parses it with a vulnerable OpenSSL build into an infinite loop, enabling remote denial of service against TLS servers that accept client certificates, TLS clients, and anything else that parses untrusted certificates or keys.

Published May 7, 2026 · Updated May 10, 2026
Why patch · Risk explained in plain English
Worst-case scenario · If unpatched

An attacker who can get a crafted certificate parsed by a vulnerable OpenSSL build, most simply by presenting it as a client certificate during a TLS handshake, sends the parsing thread into an infinite loop. That thread pins a CPU core and never completes the handshake; a handful of such connections exhausts a server's worker pool and renders the service unavailable. No authentication is required: the loop is reached while the certificate is being parsed, before its signature is verified, so the certificate need not chain to any trusted CA, and the handshake never gets far enough to authenticate anyone.

How the attack works

OpenSSL's BN_mod_sqrt() computes modular square roots with the Tonelli-Shanks algorithm and assumes its modulus is prime. It is called when OpenSSL decompresses an elliptic-curve point, which happens while parsing a certificate or key that carries explicit EC parameters with a compressed base point, or an EC public key in compressed form. If the curve is given explicitly and its "prime" is not actually prime, the inner loop that searches for the square root can fail to terminate, and the calling thread spins forever. Because point decompression happens during parsing, before any signature check, anything that parses attacker-supplied certificates or keys with a vulnerable build is exposed: TLS servers that request client certificates, TLS clients consuming server certificates, hosting providers that accept customer certificates or private keys, and CAs parsing certification requests. OpenSSL is embedded in countless applications, including Apache httpd, nginx, Python, Node.js and many others, and several of them (Node.js, Git for Windows, the python.org Windows installer) ship their own copy rather than using a system-wide one.
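To make the hang concrete, here is an added example (not OpenSSL's code and not from this page) that re-implements the Tonelli-Shanks search inside BN_mod_sqrt() in Python and runs it both with the pre-1.1.1n inner loop and with the bounded loop from the fix. The modulus 65 = 5 * 13 and the input 14 are constructed values standing in for the non-prime curve "prime" a crafted certificate supplies; a real prime, 41, is included to show that both variants still return a correct root there. The names HANG_CAP, ModSqrtError, WouldHang and outcome are this example's own, and HANG_CAP exists only so the vulnerable variant returns instead of hanging the demo.

```python
"""Why CVE-2022-0778 hangs: BN_mod_sqrt()'s inner search, unbounded vs. bounded.
Added example, not OpenSSL source: Tonelli-Shanks as bn_sqrt.c structures it,
minus the p = 3 mod 4 and p = 5 mod 8 fast paths. Sample values are constructed.
"""

HANG_CAP = 10_000  # demo-only cap so the vulnerable variant returns instead of hanging

class ModSqrtError(Exception):
    """Bounded search gave up: a is not a square, or p is not prime."""

class WouldHang(Exception):
    """Demo-only: the unbounded search hit HANG_CAP (the real code never returns)."""

def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0, the test BN_kronecker() performs."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def mod_sqrt(a: int, p: int, fixed: bool = True) -> int:
    """Return x with x*x == a (mod p); p is assumed prime, as in BN_mod_sqrt().
    fixed=False mirrors the pre-fix inner loop: i starts at 1 and 'i == e' is tested
    after the increment, so once the outer loop has shrunk e to 1 the test can never
    fire and a non-prime p keeps squaring forever. fixed=True mirrors 1.1.1n/3.0.2:
    i runs over 1..e-1 and not finding b^(2^i) == 1 is an error.
    """
    a %= p
    if a in (0, 1):
        return a
    e, q = 0, p - 1                 # p - 1 = q * 2^e with q odd
    while q % 2 == 0:
        e, q = e + 1, q // 2
    for y in range(2, 84):          # OpenSSL tries small y first, at most 82 of them
        r = jacobi(y, p)
        if r == 0:
            raise ModSqrtError("p is not prime")       # BN_R_P_IS_NOT_PRIME
        if r == -1:
            break
    else:
        raise ModSqrtError("too many iterations")      # BN_R_TOO_MANY_ITERATIONS
    y = pow(y, q, p)
    x = pow(a, (q + 1) // 2, p)
    b = pow(a, q, p)
    while True:
        if b == 1:
            return x
        # Find the smallest i > 0 with b^(2^i) == 1 (mod p).
        if fixed:
            t = b
            for i in range(1, e):
                t = t * t % p
                if t == 1:
                    break
            else:
                raise ModSqrtError("not a square")     # BN_R_NOT_A_SQUARE
        else:
            i, t = 1, b * b % p
            while t != 1:
                i += 1
                if i == e:
                    raise ModSqrtError("not a square")
                if i > HANG_CAP:                       # demo-only escape hatch
                    raise WouldHang("still no i with b^(2^i) == 1")
                t = t * t % p
        t = y
        for _ in range(e - i - 1):  # t = y^(2^(e-i-1))
            t = t * t % p
        y = t * t % p
        x = x * t % p
        b = b * y % p
        e = i

def outcome(a: int, p: int, fixed: bool) -> str:
    """Summarise a run as 'root=<x>', 'error:<reason>' or 'hang'."""
    try:
        return f"root={mod_sqrt(a, p, fixed)}"
    except WouldHang:
        return "hang"
    except ModSqrtError as exc:
        return f"error:{exc}"

if __name__ == "__main__":
    for a, p in ((2, 41), (14, 65)):   # 41 is prime; 65 = 5 * 13 is the crafted "prime"
        print(f"a={a} p={p}: pre-fix -> {outcome(a, p, False)}  fixed -> {outcome(a, p, True)}")
```

With p = 65 the first outer iteration finds i = 1, which sets e = 1; from then on b cycles between 16 and 61 and never reaches 1, so the pre-fix search squares forever while the bounded search reports "not a square". With p = 41 both variants return 17, and 17 * 17 = 289 = 2 (mod 41).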

Am I affected? · Quick check

Probably yes if any of these apply:

TLS servers that request client certificates (mutual TLS), for example:
Web servers
API servers
VPN endpoints
TLS clients that connect to servers you do not control
CAs, hosting platforms, or any service that parses certificates, CSRs, or private keys supplied by others
Running OpenSSL 1.0.2 (every public release; the fix, 1.0.2zd, shipped only to premium-support customers), 1.1.1 before 1.1.1n, or 3.0 before 3.0.2
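The version strings printed by openssl version, Python's ssl.OPENSSL_VERSION and Node's process.versions.openssl are what this check actually turns on, and the letter suffixes are easy to misjudge by eye (1.0.2zd sorts after 1.0.2u; 3.0.10 is fixed although it looks smaller than 3.0.2 as text). The following Python, added here and not part of this page or of OpenSSL, classifies such strings against the fixed releases named in the advisory. The SAMPLE_OUTPUT strings are constructed, and the function names are this example's own. Anything reported as unsupported-series (1.1.0, 1.0.1, ...) has no fixed release and should be treated as affected.

```python
"""Triage OpenSSL version strings against the CVE-2022-0778 fixed releases.
Added example, not part of the original page or of OpenSSL. Handles the letter
suffixes of the 1.x series ('' < 'a' < ... < 'z' < 'za' < 'zd') and the
numeric-only 3.x series. SAMPLE_OUTPUT is constructed for the demo.
"""
import re
import ssl

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")

def parse_version(text: str):
    """Return (major, minor, patch, suffix) or None if this is not an OpenSSL string."""
    if "LibreSSL" in text or "BoringSSL" in text:
        return None
    m = VERSION_RE.search(text)
    if not m:
        return None
    return int(m[1]), int(m[2]), int(m[3]), m[4]

def suffix_key(suffix: str):
    """Sort key for 1.x letter suffixes: '' < 'a' < ... < 'z' < 'za' < 'zb' < ..."""
    return (len(suffix), suffix)

def classify(text: str) -> str:
    """'fixed', 'affected', 'unsupported-series' (treat as affected) or 'not-openssl'."""
    v = parse_version(text)
    if v is None:
        return "not-openssl"
    major, minor, patch, suffix = v
    if major >= 3:                                   # fixed in 3.0.2 (3.x carries no suffix)
        return "fixed" if (major, minor, patch) >= (3, 0, 2) else "affected"
    if (major, minor, patch) == (1, 1, 1):           # fixed in 1.1.1n
        return "fixed" if suffix_key(suffix) >= suffix_key("n") else "affected"
    if (major, minor, patch) == (1, 0, 2):           # fixed only in premium-support 1.0.2zd
        return "fixed" if suffix_key(suffix) >= suffix_key("zd") else "affected"
    return "unsupported-series"  # 1.1.0, 1.0.1, 0.9.8 ...: no fixed release exists

def triage(outputs: dict) -> dict:
    """Map each label (where the string came from) to its classification."""
    return {label: classify(text) for label, text in outputs.items()}

def local_python_status() -> str:
    """Classify the OpenSSL copy this interpreter was built against."""
    return classify(ssl.OPENSSL_VERSION)

# Constructed sample output, shaped like what the checks on this page print on several hosts.
SAMPLE_OUTPUT = {
    "openssl.exe on PATH":           "OpenSSL 1.1.1m  14 Dec 2021",
    "Git for Windows usr/bin":       "OpenSSL 1.1.1n  15 Mar 2022",
    "python ssl.OPENSSL_VERSION":    "OpenSSL 1.1.1k  25 Mar 2021",
    "node process.versions.openssl": "3.0.1+quic",
    "legacy 1.0.2 app":              "OpenSSL 1.0.2u  20 Dec 2019",
    "premium 1.0.2":                 "OpenSSL 1.0.2zd",
    "LibreSSL host":                 "LibreSSL 3.3.6",
}

if __name__ == "__main__":
    for label, status in triage(SAMPLE_OUTPUT).items():
        print(f"{status:19} {label}")
    print(f"{local_python_status():19} this interpreter: {ssl.OPENSSL_VERSION}")
```

Feed it every copy you find, not just the one on PATH: in the sample, the Git for Windows copy is fixed while the PATH, Python and Node copies are still affected, which is exactly the mixed state a Windows host tends to be in.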

Affected OS versions

Windows Server 2016, Windows Server 2019, Windows Server 2022 (Windows does not ship OpenSSL itself; exposure comes from copies bundled with Git for Windows, Python, Node.js and other applications)
Fixed in 1.1.1n / 3.0.2
Real-world incidents · What we've seen

TLS denial-of-service bugs of this kind are most damaging on internet-facing services where any unauthenticated client can start a handshake: each crafted certificate pins one worker thread or process permanently, so a single attacker on a low-bandwidth connection can keep a vulnerable server saturated with only a handful of connections.

How to patch

Manual remediation steps

20–40 minutes

Step 1 — Check OpenSSL Version

# Check standalone OpenSSL on PATH
openssl version 2>$null

# Check Git for Windows bundled OpenSSL. It lives under <GitRoot>\usr\bin, not beside
# git.exe (which is at <GitRoot>\cmd\git.exe), so walk up two levels from git.exe.
$git = Get-Command git -ErrorAction SilentlyContinue
if ($git) {
    $gitOpenssl = Join-Path (Split-Path -Parent (Split-Path -Parent $git.Source)) 'usr\bin\openssl.exe'
    if (Test-Path $gitOpenssl) { & $gitOpenssl version }
}

# Check Python bundled OpenSSL (the python.org Windows installer ships its own copy)
python -c "import ssl; print(ssl.OPENSSL_VERSION)" 2>$null

# Check Node.js (statically links its own OpenSSL copy)
node -p "process.versions.openssl" 2>$null

Step 2 — Update OpenSSL

Via Git for Windows

Update Git for Windows to 2.36.0 or later, which bundles OpenSSL 1.1.1n or newer, then re-run the bundled openssl.exe check from Step 1.

Via Python

Update to a current Python release and re-run the ssl.OPENSSL_VERSION check. The python.org Windows installer ships its own OpenSSL DLLs, so upgrading a standalone OpenSSL install does not fix Python.

Standalone OpenSSL

1. Download OpenSSL 1.1.1n or 3.0.2+ from: slproweb.com/products/Win32OpenSSL.html (Win64 OpenSSL). This is a third-party build of the OpenSSL sources; the OpenSSL project itself does not publish Windows binaries.
2. Install, replacing the existing version.

Replacing a standalone install does not fix applications that carry their own bundled or statically linked copy (Node.js, Git for Windows, Python, and many vendor products); each of those needs its own update.

Verification

openssl version
# Must show 1.1.1n or later (1.1.1 line) or 3.0.2 or later (3.0 line)

Re-run the Git for Windows, Python and Node.js checks from Step 1 as well: each bundled copy must report a fixed version on its own, since none of them uses the standalone install.
PowerShell automation · Coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.