Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-2097

Good to know:

icon

Date: July 5, 2022

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Language: RUST

Severity Score

Related Resources (30)

https://security.netapp.com/advisory/ntap-20230420-0008/
https://www.debian.org/security/2023/dsa-5343
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
https://nvd.nist.gov/vuln/detail/CVE-2022-2097
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
https://security.gentoo.org/glsa/202210-02
https://rustsec.org/advisories/RUSTSEC-2022-0032.html
https://github.com/alexcrichton/openssl-src-rs
https://crates.io/crates/openssl-src
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7
https://www.openssl.org/news/secadv/20220705.txt
https://security.netapp.com/advisory/ntap-20220715-0011
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK
https://security.netapp.com/advisory/ntap-20240621-0006
https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html
https://access.redhat.com/security/cve/CVE-2022-2097
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.netapp.com/advisory/ntap-20220715-0011/
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93
https://security.netapp.com/advisory/ntap-20230420-0008
https://www.mend.io/vulnerability-database/CVE-2022-2097

Severity Score

Weakness Type (CWE)

Inadequate Encryption Strength

CWE-326

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

Missing Encryption of Sensitive Data

CWE-311

Top Fix

icon

Upgrade Version

Upgrade to version OpenSSL_1_1_1q,openssl-3.0.5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us