Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-2097

UNKNOWN
Published 2022-07-05T10:30:13.658000Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-2097. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

OpenSSL

OpenSSL

Affected Versions:

Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4) Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)
openssl

openssl

Affected Versions:

1.1.1
openssl

openssl

Affected Versions:

3.0.0
netapp

ontap_antivirus_connector

Affected Versions:

0
netapp

ontap_select_deploy_administration_utility

Affected Versions:

0
fedoraproject

fedora

Affected Versions:

35 36
netapp

active_iq_unified_manager_for_vmware_vsphere

Affected Versions:

0
netapp

hci_baseboard_management_controller

Affected Versions:

h300s h410c h410s h500s h700s
netapp

brocade_fabric_operating_system_firmware

Affected Versions:

0
netapp

snapcenter

Affected Versions:

0
netapp

oncommand_insight

Affected Versions:

0
netapp

smi-s_provider

Affected Versions:

0
siemens

sinec_ins

Affected Versions:

0
debian

debian_linux

Affected Versions:

10.0 11.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

AES OCB fails to encrypt some bytes

GHSA-3wx7-46ch-7rq2

Advisory Details

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was pre-existing in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.

Affected Packages

crates.io openssl-src
ECOSYSTEM: ≥0 <111.22.0
crates.io openssl-src
ECOSYSTEM: ≥300.0.0 <300.0.9

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-2097
WEB https://www.openssl.org/news/secadv/20220705.txt
WEB https://www.debian.org/security/2023/dsa-5343
WEB https://security.netapp.com/advisory/ntap-20240621-0006
WEB https://security.netapp.com/advisory/ntap-20230420-0008
WEB https://security.netapp.com/advisory/ntap-20220715-0011
WEB https://security.gentoo.org/glsa/202210-02
WEB https://rustsec.org/advisories/RUSTSEC-2022-0032.html
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK
WEB https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html
PACKAGE https://github.com/alexcrichton/openssl-src-rs
WEB https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93
WEB https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431
WEB https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93
WEB https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Advisory provided by GitHub Security Advisory Database. Published: July 6, 2022, Modified: June 24, 2024

References

https://www.openssl.org/news/secadv/20220705.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
https://security.netapp.com/advisory/ntap-20220715-0011/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
https://security.gentoo.org/glsa/202210-02
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
https://www.debian.org/security/2023/dsa-5343
https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html
https://security.netapp.com/advisory/ntap-20230420-0008/
https://security.netapp.com/advisory/ntap-20240621-0006/
Published: 2022-07-05T10:30:13.658000Z
Last Modified: 2024-09-17T01:06:49.390Z
Copied to clipboard!