Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2022-2097

UNKNOWN

Published 2022-07-05T10:30:13.658000Z

Actions:

No CVSS data available

Description

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

OpenSSL

Affected Versions:

Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4) Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)

openssl

Affected Versions:

1.1.1

openssl

Affected Versions:

3.0.0

ontap_antivirus_connector

Affected Versions:

0

ontap_select_deploy_administration_utility

Affected Versions:

0

fedora

Affected Versions:

35 36

active_iq_unified_manager_for_vmware_vsphere

Affected Versions:

0

hci_baseboard_management_controller

Affected Versions:

h300s h410c h410s h500s h700s

brocade_fabric_operating_system_firmware

Affected Versions:

0

snapcenter

Affected Versions:

0

oncommand_insight

Affected Versions:

0

smi-s_provider

Affected Versions:

0

sinec_ins

Affected Versions:

0

debian_linux

Affected Versions:

10.0 11.0

References

https://www.openssl.org/news/secadv/20220705.txt

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/

https://security.netapp.com/advisory/ntap-20220715-0011/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/

https://security.gentoo.org/glsa/202210-02

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

https://www.debian.org/security/2023/dsa-5343

https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html

https://security.netapp.com/advisory/ntap-20230420-0008/

https://security.netapp.com/advisory/ntap-20240621-0006/

Published: 2022-07-05T10:30:13.658000Z

Last Modified: 2024-09-17T01:06:49.390Z

Copied to clipboard!