Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB
mode when using the AES-NI assembly optimized implementation on 32-bit
x86 platforms. A remote attacker could possibly use this issue to obtain
sensitive information.

References

ubuntu.com/security/CVE-2022-2097

ubuntu.com/security/notices/USN-5502-1

veracode 1

prion 1

broadcom 1

debiancve 1

alpinelinux 1

freebsd 2

ibm 21

redhatcve 1

ubuntu 2

openvas 41

nessus 58

suse 4

f5 1

cbl_mariner 2

github 1

fedora 3

osv 9

rustsec 1

ubuntucve 1

cve 1

cloudfoundry 1

amazon 2

openssl 1

mageia 1

slackware 1

redhat 21

oraclelinux 4

aix 1

almalinux 2

rocky 1

debian 2

photon 5

gentoo 1

nodejsblog 1

rosalinux 1

ics 1

veracode

Information Disclosure

2022-07-06 11:25:33

prion

Design/Logic Flaw

2022-07-05 11:15:00

broadcom

AES OCB fails to encrypt some bytes

2023-08-01 00:00:00

debiancve

CVE-2022-2097

2022-07-05 11:15:00

alpinelinux

CVE-2022-2097

2022-07-05 11:15:00

freebsd

OpenSSL -- AES OCB fails to encrypt some bytes

2022-07-05 00:00:00

Node.js -- July 7th 2022 Security Releases

2022-07-05 00:00:00

ibm

Security Bulletin: IBM Sterling Connect:Direct for UNIX container is vulnerable to obtain sensitive information due to OpenSSL (CVE-2022-2097)

2022-09-15 10:27:41

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in OpenSSL (CVE-2022-2097)

2023-02-01 16:05:06

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality due to CVE-2022-2097

2022-11-07 12:03:38

redhatcve

CVE-2022-2097

2022-07-07 18:14:40

ubuntu

OpenSSL vulnerability

2022-07-05 00:00:00

Node.js vulnerabilities

2023-10-30 00:00:00

openvas

OpenSSL: AES OCB fails to encrypt some bytes (CVE-2022-2097) - Windows

2022-07-06 00:00:00

openSUSE: Security Advisory for openssl-1_1 (SUSE-SU-2022:2328-1)

2022-07-08 00:00:00

Fedora: Security Advisory for openssl (FEDORA-2022-3fdc2d3047)

2022-07-10 00:00:00

nessus

Oracle MySQL Connectors (Oct 2022 CPU)

2022-10-20 00:00:00

OpenSSL 1.1.1 < 1.1.1q Vulnerability

2022-07-05 00:00:00

Amazon Linux 2022 : (ALAS2022-2022-147)

2022-10-14 00:00:00

suse

Security update for openssl-1_1 (important)

2022-07-07 00:00:00

Security update for openssl-1_1 (important)

2022-09-01 00:00:00

Security update for openssl-1_1 (important)

2022-07-06 00:00:00

K23605974 : OpenSSL vulnerability CVE-2022-2097

2022-08-18 00:00:00

cbl_mariner

CVE-2022-2097 affecting package openssl 1.1.1k-20

2022-09-13 22:36:40

CVE-2022-2097 affecting package openssl 1.1.1k-12

2022-07-14 20:59:56

github

AES OCB fails to encrypt some bytes

2022-07-06 19:57:19

fedora

[SECURITY] Fedora 36 Update: openssl1.1-1.1.1q-1.fc36

2022-07-15 01:18:00

[SECURITY] Fedora 36 Update: openssl-3.0.5-1.fc36

2022-07-09 01:24:48

[SECURITY] Fedora 35 Update: openssl-1.1.1q-1.fc35

2022-07-23 02:27:30

osv

AES OCB fails to encrypt some bytes

2022-07-06 19:57:19

AES OCB fails to encrypt some bytes

2022-07-05 12:00:00

CVE-2022-2097

2022-07-05 11:15:08

rustsec

AES OCB fails to encrypt some bytes

2022-07-05 12:00:00

ubuntucve

CVE-2022-2097

2022-07-05 00:00:00

cve

CVE-2022-2097

2022-07-05 11:15:00

cloudfoundry

USN-5502-1: OpenSSL vulnerability | Cloud Foundry

2022-08-26 00:00:00

amazon

Medium: openssl11

2023-03-02 22:35:00

Important: edk2

2024-03-13 20:26:00

openssl

Vulnerability in OpenSSL CVE-2022-2097

2022-07-05 00:00:00

mageia

Updated openssl packages fix security vulnerability

2022-07-12 11:32:28

slackware

[slackware-security] openssl

2022-07-05 20:24:36

redhat

(RHSA-2022:5818) Moderate: openssl security update

2022-08-02 07:00:02

(RHSA-2022:6224) Moderate: openssl security and bug fix update

2022-08-30 15:46:32

(RHSA-2022:6517) Important: Release of containers for OSP 16.2.z director operator tech preview

2022-09-14 12:42:43

oraclelinux

openssl security update

2022-08-05 00:00:00

openssl security update

2022-08-02 00:00:00

openssl security and bug fix update

2022-08-30 00:00:00

aix

AIX is vulnerable to arbitrary command execution due to OpenSSL

2022-08-17 16:39:03

almalinux

Moderate: openssl security update

2022-08-03 00:00:00

Moderate: openssl security and bug fix update

2022-08-30 00:00:00

rocky

openssl security update

2022-08-02 07:00:02

debian

[SECURITY] [DSA 5343-1] openssl security update

2023-02-07 21:05:48

[SECURITY] [DLA 3325-1] openssl security update

2023-02-20 11:11:21

photon

Important Photon OS Security Update - PHSA-2022-0207

2022-07-06 00:00:00

Critical Photon OS Security Update - PHSA-2022-4.0-0207

2022-07-06 00:00:00

Important Photon OS Security Update - PHSA-2022-0493

2022-07-08 00:00:00

gentoo

OpenSSL: Multiple Vulnerabilities

2022-10-16 00:00:00

nodejsblog

July 7th 2022 Security Releases

2022-07-07 00:00:00

rosalinux

Advisory ROSA-SA-2023-2211

2023-08-08 08:12:52

ics

Siemens SINEC INS

2023-01-17 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for OSV:USN-5502-1