Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-2097

Опубликовано: 05 июл. 2022
Источник: debian

Описание

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Пакеты

ПакетСтатусВерсия исправленияРелизТип
opensslfixed3.0.5-1package

Примечания

  • https://www.openssl.org/news/secadv/20220705.txt

  • https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93 (openssl-3.0.5)

  • https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=919925673d6c9cfed3c1085497f5dfbbed5fc431 (OpenSSL_1_1_1q)

Связанные уязвимости

ubuntu логотип

CVE-2022-2097

CVSS3: 5.3
ubuntu
больше 3 лет назад

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

redhat логотип

CVE-2022-2097

CVSS3: 5.3
redhat
больше 3 лет назад

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

nvd логотип

CVE-2022-2097

CVSS3: 5.3
nvd
больше 3 лет назад

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

msrc логотип

CVE-2022-2097

CVSS3: 5.3
msrc
около 3 лет назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2022:2328-1

suse-cvrf
больше 3 лет назад

Security update for openssl-1_1