5.3

CVE-2022-2097

EPSS 0.41%
Published 05.07.2022 11:15:08
Last modified 21.11.2024 07:00:18
Source openssl-security@openssl.org
Teams watchlist Login
Open Login

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Affected products Warnungen 0 Metrics 3 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version >= 1.1.1 < 1.1.1q

OpenSSL ≫ OpenSSL Version >= 3.0.0 < 3.0.5

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Clustered Data Ontap Antivirus Connector Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Siemens ≫ Sinec Ins Version < 1.0

Siemens ≫ Sinec Ins Version1.0 Update-

Siemens ≫ Sinec Ins Version1.0 Updatesp1

Siemens ≫ Sinec Ins Version1.0 Updatesp2

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.605

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://security.netapp.com/advisory/ntap-20240621-0006/

https://security.gentoo.org/glsa/202210-02

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/

https://www.openssl.org/news/secadv/20220705.txt

Vendor Advisory

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93

https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/

https://security.netapp.com/advisory/ntap-20220715-0011/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230420-0008/

https://www.debian.org/security/2023/dsa-5343

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-2097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-2097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-2097

EUVD