CVE-2022-2097

Published: Jul 5, 2022Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Affected (16)

Products: Openssl: Openssl · Fedoraproject: Fedora · Netapp: Active Iq Unified Manager, Clustered Data Ontap Antivirus Connector, H500s Firmware, H700s Firmware, H410s Firmware, H410c Firmware · +2 more

Show all products

Openssl: Openssl · Fedoraproject: Fedora · Netapp: Active Iq Unified Manager, Clustered Data Ontap Antivirus Connector, H500s Firmware, H700s Firmware, H410s Firmware, H410c Firmware · Siemens: Sinec Ins · Debian: Debian Linux

1 product

1 product

6 products

Active Iq Unified Manager

Clustered Data Ontap Antivirus Connector

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openssl Openssl	From 1.1.1 to 1.1.1q
Openssl Openssl	From 3.0.0 to 3.0.5

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Clustered Data Ontap Antivirus Connector	All versions

Configuration D

1 platform

Running on/with	Platform Versions
Netapp H300s Firmware	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration I

4 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinec Ins	Before 1.0
Siemens Sinec Ins	Version 1.0
Siemens Sinec Ins	Version 1.0 sp1
Siemens Sinec Ins	Version 1.0 sp2

Configuration J

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Related CWEs

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (26)

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Source: openssl-security@openssl.org

Third Party Advisory

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431

Source: openssl-security@openssl.org

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93

Source: openssl-security@openssl.org

https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html

Source: openssl-security@openssl.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/

Source: openssl-security@openssl.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/

Source: openssl-security@openssl.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/

Source: openssl-security@openssl.org

https://security.gentoo.org/glsa/202210-02

Source: openssl-security@openssl.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220715-0011/

Source: openssl-security@openssl.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230420-0008/

Source: openssl-security@openssl.org

https://security.netapp.com/advisory/ntap-20240621-0006/

Source: openssl-security@openssl.org

https://www.debian.org/security/2023/dsa-5343

Source: openssl-security@openssl.org

Third Party Advisory

https://www.openssl.org/news/secadv/20220705.txt

Source: openssl-security@openssl.org

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431

Source: af854a3a-2127-422b-91ae-364da2661108

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202210-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220715-0011/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230420-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20240621-0006/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2023/dsa-5343

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openssl.org/news/secadv/20220705.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.