CVE-2022-2097

CVSS v3.1 5.3 (Medium)
CVSS v2.0 5 (Medium)
EPSS 0.37% (73rd)
Affected Products 16
Advisories 34
NVD Status Modified

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of preexisting data in memory that was not written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB-based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (affected: 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (affected: 1.1.1-1.1.1p).

Weaknesses
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE Status
PUBLISHED
NVD Status
Modified
CNA
OpenSSL Software Foundation
Published Date
2022-07-05 11:15:08
Updated Date
2024-06-21 19:15:23

Affected Products

Configuration #1

    CPE23 From Up To
  Openssl from 1.1.1 version and prior 1.1.1q version cpe:2.3:a:openssl:openssl >= 1.1.1 < 1.1.1q
  Openssl from 3.0.0 version and prior 3.0.5 version cpe:2.3:a:openssl:openssl >= 3.0.0 < 3.0.5

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 35 cpe:2.3:o:fedoraproject:fedora:35
  Fedoraproject Fedora 36 cpe:2.3:o:fedoraproject:fedora:36

Configuration #3

    CPE23 From Up To
  Netapp Active Iq Unified Manager for Vmware Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
  Netapp Clustered Data Ontap Antivirus Connector cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-

Configuration #4

AND
    CPE23 From Up To
OR  
  Netapp H300s Firmware cpe:2.3:o:netapp:h300s_firmware:-
OR  
  Running on/with
  Netapp H300s Firmware cpe:2.3:o:netapp:h300s_firmware:-

Configuration #5

AND
    CPE23 From Up To
OR  
  Netapp H500s Firmware cpe:2.3:o:netapp:h500s_firmware:-
OR  
  Running on/with
  Netapp H500s cpe:2.3:h:netapp:h500s:-

Configuration #6

AND
    CPE23 From Up To
OR  
  Netapp H700s cpe:2.3:h:netapp:h700s:-
OR  
  Running on/with
  Netapp H700s Firmware cpe:2.3:o:netapp:h700s_firmware:-

Configuration #7

AND
    CPE23 From Up To
OR  
  Netapp H410s cpe:2.3:h:netapp:h410s:-
OR  
  Running on/with
  Netapp H410s Firmware cpe:2.3:o:netapp:h410s_firmware:-

Configuration #8

AND
    CPE23 From Up To
OR  
  Netapp H410c cpe:2.3:h:netapp:h410c:-
OR  
  Running on/with
  Netapp H410c Firmware cpe:2.3:o:netapp:h410c_firmware:-

Configuration #9

    CPE23 From Up To
  Siemens Sinec Ins prior 1.0 version cpe:2.3:a:siemens:sinec_ins < 1.0
  Siemens Sinec Ins 1.0 cpe:2.3:a:siemens:sinec_ins:1.0:-
  Siemens Sinec Ins 1.0 SP1 cpe:2.3:a:siemens:sinec_ins:1.0:sp1
  Siemens Sinec Ins 1.0 SP2 cpe:2.3:a:siemens:sinec_ins:1.0:sp2

Configuration #10

    CPE23 From Up To
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0
  Debian Linux 11.0 cpe:2.3:o:debian:debian_linux:11.0