The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Check Point response to OpenSSL CVE-2022-0778 (possible infinite loop when parsing ECDSA certificates/keys)
Site to Site VPN, Remote Access VPN, Mobile Access / SSL VPN, HTTPS Inspection, Quantum Security Management, Multi-Domain Security Management, Quantum Edge, Quantum Scalable Chassis, Quantum Maestro, Quantum Spark Appliances, CloudGuard Network for AWS
R80.40, R81, R81.10, R81.20
A vulnerability was found in OpenSSL, making it possible to trigger an infinite loop by crafting a certificate with invalid explicit curve parameters. Because certificate parsing occurs before verification of the certificate signature, a process that parses an externally supplied certificate could be subject to a denial of service attack.
For more information, refer to CVE-2022-0778.
The indications of the issue are:
High CPU use
Stuck processes and services
This problem was fixed. The fix is included starting from: