Release date

ReferencePROCALL-1886
Criticality

HIGH

CVSS-Score7.3

Description

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. For further technical details see https://nvd.nist.gov/vuln/detail/CVE-2022-0778

Affected versions

This vulnerability affects all previously released versions of ProCall 7 Enterprise and ProCall 6 Enterprise.

  • 7.0, 7.1, 7.2, 7.3 (all sub-versions)
  • 6.0, 6.1, 6.2, 6.3, 6.4 (all sub-versions)
  • ProCall 5 Enterprise

ProCall Business 

  • 21H2

Versions with bug fixes

estos is preparing updates with fixes for the vulnerability. Customers and partners can then obtain the updates via the known channels and follow the normal update process:

No solution available

It is recommended to stop using the affected components publicly on the internet or to upgrade to a current version. Please contact your partner about this.

  • ProCall 5 Enterprise

End-of-life

Please note the following: If you are using older estos product versions that are no longer supported (End-of-Life has been reached), we strongly recommend updating your software to the current versions for security reasons.
This is because security patches are only regularly developed and made available for current software versions.