First published: Tue Jul 05 2022
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that were pre-existing in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB-based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (affected 1.1.1-1.1.1p).
Credit: openssl-security@openssl.org
Affected Software | Affected Version | How to fix
---|---|---
redhat/openssl | <1:1.1.1k-7.el8_6 | 1:1.1.1k-7.el8_6
redhat/openssl | <1:3.0.1-41.el9_0 | 1:3.0.1-41.el9_0
OpenSSL | >=1.1.1, <1.1.1q |
OpenSSL | >=3.0.0, <3.0.5 |
Fedora | =35 |
Fedora | =36 |
Apple iPadOS | |
Netapp Clustered Data Ontap Antivirus Connector | |
Apple macOS Ventura | |
Apple macOS Big Sur | |
Apple macOS Monterey | |
Netapp H410c Firmware | |
Netapp H410c | |
Siemens Sinec Ins | <1.0 |
Siemens Sinec Ins | =1.0 |
Siemens Sinec Ins | =1.0-sp1 |
Siemens Sinec Ins | =1.0-sp2 |
Debian Linux | =10.0 |
Debian Linux | =11.0 |
ubuntu/nodejs | <12.22.9~dfsg-1ubuntu3.1 | 12.22.9~dfsg-1ubuntu3.1
ubuntu/openssl | <1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.20
ubuntu/openssl | <1.1.1 | 1.1.1
ubuntu/openssl | <3.0.2-0ubuntu1.6 | 3.0.2-0ubuntu1.6
ubuntu/openssl | <3.0.5-2ubuntu1 | 3.0.5-2ubuntu1
ubuntu/openssl | <3.0.5 | 3.0.5
redhat/openssl | <1.1.1 | 1.1.1
redhat/openssl | <3.0.5 | 3.0.5
debian/openssl | <=1.1.1n-0+deb10u3 | 1.1.1n-0+deb10u6, 1.1.1w-0+deb11u1, 1.1.1n-0+deb11u5, 3.0.11-1~deb12u2, 3.1.4-2, 3.1.5-1
The severity of CVE-2022-2097 is high.
CVE-2022-2097 affects 32-bit x86 platforms.
The impacted software for CVE-2022-2097 is OpenSSL.
To fix CVE-2022-2097, update OpenSSL to a fixed release: 1.1.1q or later on the 1.1.1 branch, or 3.0.5 or later on the 3.0 branch, as stated in the description above.
For more information about CVE-2022-2097, you can refer to the following references: [Link 1](https://security-tracker.debian.org/tracker/CVE-2022-1292), [Link 2](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [Link 3](https://security-tracker.debian.org/tracker/CVE-2022-2068).