QwikSec

Security Database

CVE

CWE

Training

CVE-2022-2097

Published: Jul 5, 2022

Modified: Sep 17, 2024

PUBLISHED

Description

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Vendor	Product	Versions
OpenSSL	OpenSSL	affected `Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4)` affected `Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)`

References

https://www.openssl.org/news/secadv/20220705.txt

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431

FEDORA-2022-3fdc2d3047

vendor-advisory

FEDORA-2022-89a17be281

vendor-advisory

https://security.netapp.com/advisory/ntap-20220715-0011/

FEDORA-2022-41890e9e44

vendor-advisory

vendor-advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

vendor-advisory

[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update

mailing-list

https://security.netapp.com/advisory/ntap-20230420-0008/

https://security.netapp.com/advisory/ntap-20240621-0006/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.