{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2097", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "dateUpdated": "2024-09-17T01:06:49.390Z", "dateReserved": "2022-06-16T00:00:00", "datePublished": "2022-07-05T10:30:13.658000Z"}, "containers": {"cna": {"title": "AES OCB fails to encrypt some bytes", "datePublic": "2022-07-05T00:00:00", "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2024-06-21T19:07:25.963480"}, "descriptions": [{"lang": "en", "value": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)."}], "affected": [{"vendor": "OpenSSL", "product": "OpenSSL", "versions": [{"version": "Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4)", "status": "affected"}, {"version": "Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)", "status": "affected"}]}], "references": [{"url": "https://www.openssl.org/news/secadv/20220705.txt"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"}, {"name": "FEDORA-2022-3fdc2d3047", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"}, {"name": "FEDORA-2022-89a17be281", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"}, {"url": "https://security.netapp.com/advisory/ntap-20220715-0011/"}, {"name": "FEDORA-2022-41890e9e44", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"}, {"name": "GLSA-202210-02", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202210-02"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"}, {"name": "DSA-5343", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5343"}, {"name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230420-0008/"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}], "credits": [{"lang": "en", "value": "Alex Chernyakhovsky"}], "metrics": [{"other": {"type": "unknown", "content": {"lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#moderate", "value": "Moderate"}}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Fencepost error"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.189Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.openssl.org/news/secadv/20220705.txt", "tags": ["x_transferred"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93", "tags": ["x_transferred"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-3fdc2d3047", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"}, {"name": "FEDORA-2022-89a17be281", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"}, {"url": "https://security.netapp.com/advisory/ntap-20220715-0011/", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-41890e9e44", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"}, {"name": "GLSA-202210-02", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202210-02"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "tags": ["x_transferred"]}, {"name": "DSA-5343", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5343"}, {"name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230420-0008/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "openssl", "product": "openssl", "cpes": ["cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.1.1", "status": "affected", "lessThan": "1.1.1q", "versionType": "custom"}]}, {"vendor": "openssl", "product": "openssl", "cpes": ["cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.0", "status": "affected", "lessThan": "3.0.5", "versionType": "custom"}]}, {"vendor": "netapp", "product": "ontap_antivirus_connector", "cpes": ["cpe:2.3:a:netapp:ontap_antivirus_connector:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "netapp", "product": "ontap_select_deploy_administration_utility", "cpes": ["cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "35", "status": "affected"}, {"version": "36", "status": "affected"}]}, {"vendor": "netapp", "product": "active_iq_unified_manager_for_vmware_vsphere", "cpes": ["cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "netapp", "product": "hci_baseboard_management_controller", "cpes": ["cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "h300s", "status": "affected"}, {"version": "h410c", "status": "affected"}, {"version": "h410s", "status": "affected"}, {"version": "h500s", "status": "affected"}, {"version": "h700s", "status": "affected"}]}, {"vendor": "netapp", "product": "brocade_fabric_operating_system_firmware", "cpes": ["cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "netapp", "product": "snapcenter", "cpes": ["cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "netapp", "product": "oncommand_insight", "cpes": ["cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "netapp", "product": "smi-s_provider", "cpes": ["cpe:2.3:a:netapp:smi-s_provider:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected"}]}, {"vendor": "siemens", "product": "sinec_ins", "cpes": ["cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0_sp2_update_1", "versionType": "custom"}]}, {"vendor": "debian", "product": "debian_linux", "cpes": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.0", "status": "affected"}, {"version": "11.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-26T19:45:07.166681Z", "id": "CVE-2022-2097", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T15:19:36.662Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.openssl.org/news/secadv/20220705.txt", "tags": ["x_transferred"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93", "tags": ["x_transferred"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", "name": "FEDORA-2022-3fdc2d3047", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", "name": "FEDORA-2022-89a17be281", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20220715-0011/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", "name": "FEDORA-2022-41890e9e44", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202210-02", "name": "GLSA-202210-02", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5343", "name": "DSA-5343", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230420-0008/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.189Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2097", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-26T19:45:07.166681Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*"], "vendor": "openssl", "product": "openssl", "versions": [{"status": "affected", "version": "1.1.1", "lessThan": "1.1.1q", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*"], "vendor": "openssl", "product": "openssl", "versions": [{"status": "affected", "version": "3.0.0", "lessThan": "3.0.5", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:ontap_antivirus_connector:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "ontap_antivirus_connector", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "ontap_select_deploy_administration_utility", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "35"}, {"status": "affected", "version": "36"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "active_iq_unified_manager_for_vmware_vsphere", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "hci_baseboard_management_controller", "versions": [{"status": "affected", "version": "h300s"}, {"status": "affected", "version": "h410c"}, {"status": "affected", "version": "h410s"}, {"status": "affected", "version": "h500s"}, {"status": "affected", "version": "h700s"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "brocade_fabric_operating_system_firmware", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "snapcenter", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "oncommand_insight", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:smi-s_provider:*:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "smi-s_provider", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "sinec_ins", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0_sp2_update_1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"], "vendor": "debian", "product": "debian_linux", "versions": [{"status": "affected", "version": "10.0"}, {"status": "affected", "version": "11.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T19:51:37.167Z"}}], "cna": {"title": "AES OCB fails to encrypt some bytes", "credits": [{"lang": "en", "value": "Alex Chernyakhovsky"}], "metrics": [{"other": {"type": "unknown", "content": {"url": "https://www.openssl.org/policies/secpolicy.html#moderate", "lang": "eng", "value": "Moderate"}}}], "affected": [{"vendor": "OpenSSL", "product": "OpenSSL", "versions": [{"status": "affected", "version": "Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4)"}, {"status": "affected", "version": "Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)"}]}], "datePublic": "2022-07-05T00:00:00", "references": [{"url": "https://www.openssl.org/news/secadv/20220705.txt"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", "name": "FEDORA-2022-3fdc2d3047", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", "name": "FEDORA-2022-89a17be281", "tags": ["vendor-advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20220715-0011/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", "name": "FEDORA-2022-41890e9e44", "tags": ["vendor-advisory"]}, {"url": "https://security.gentoo.org/glsa/202210-02", "name": "GLSA-202210-02", "tags": ["vendor-advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"}, {"url": "https://www.debian.org/security/2023/dsa-5343", "name": "DSA-5343", "tags": ["vendor-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update", "tags": ["mailing-list"]}, {"url": "https://security.netapp.com/advisory/ntap-20230420-0008/"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}], "descriptions": [{"lang": "en", "value": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Fencepost error"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2024-06-21T19:07:25.963480"}}}, "cveMetadata": {"cveId": "CVE-2022-2097", "state": "PUBLISHED", "dateUpdated": "2024-09-17T01:06:49.390Z", "dateReserved": "2022-06-16T00:00:00", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "datePublished": "2022-07-05T10:30:13.658000Z", "assignerShortName": "openssl"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "64B76070-177E-4044-B562-49F6A27F4921", "versionEndExcluding": "1.1.1q", "versionStartIncluding": "1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "90A8CB87-4C26-472D-8770-84D1195F2FD1", "versionEndExcluding": "3.0.5", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", "matchCriteriaId": "C89891C1-DFD7-4E1F-80A9-7485D86A15B5", "versionEndExcluding": "1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*", "matchCriteriaId": "4664B195-AF14-4834-82B3-0B2C98020EB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "75BC588E-CDF0-404E-AD61-02093A1DF343", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "A334F7B4-7283-4453-BAED-D2E01B7F8A6E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)."}, {"lang": "es", "value": "El modo AES OCB para plataformas x86 de 32 bits que utilizan la implementaci\u00f3n optimizada de ensamblaje AES-NI no cifrar\u00e1 la totalidad de los datos en algunas circunstancias. Esto podr\u00eda revelar diecis\u00e9is bytes de datos que ya exist\u00edan en la memoria y que no estaban escritos. En el caso especial del cifrado \"in situ\", se revelar\u00edan diecis\u00e9is bytes del texto sin formato. Dado que OpenSSL no es compatible con conjuntos de cifrado basados ??en OCB para TLS y DTLS, ambos no est\u00e1n afectados. Corregido en OpenSSL versi\u00f3n 3.0.5 (Afectado 3.0.0-3.0.4). Corregido en OpenSSL 1.1.1q (Afectado 1.1.1-1.1.1p)"}], "id": "CVE-2022-2097", "lastModified": "2024-06-21T19:15:23.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-05T11:15:08.340", "references": [{"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"}, {"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"}, {"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"}, {"source": "openssl-security@openssl.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-02"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220715-0011/"}, {"source": "openssl-security@openssl.org", "url": "https://security.netapp.com/advisory/ntap-20230420-0008/"}, {"source": "openssl-security@openssl.org", "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5343"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20220705.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Alex Chernyakhovsky (Google) as the original reporter.", "affected_release": [{"advisory": "RHSA-2022:5818", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "openssl-1:1.1.1k-7.el8_6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-03T00:00:00Z"}, {"advisory": "RHSA-2022:6224", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "openssl-1:3.0.1-41.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-08-30T00:00:00Z"}, {"advisory": "RHSA-2022:6224", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "openssl-1:3.0.1-41.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-08-30T00:00:00Z"}], "bugzilla": {"description": "openssl: AES OCB fails to encrypt some bytes", "id": "2104905", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104905"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-325", "details": ["AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed."], "name": "CVE-2022-2097", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "compat-openssl11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Out of support scope", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 5"}], "public_date": "2022-07-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-2097\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2097\nhttps://www.openssl.org/news/secadv/20220705.txt"], "statement": "Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 ship OpenSSL 1.0 which does not contain the incorrect assembly code (introduced upstream with commit bd30091). Similarly, the versions of `shim` as shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this issue as they bundle openssl-1.0.2j.", "threat_severity": "Moderate", "upstream_fix": "openssl 1.1.1q, openssl 3.0.5"}