221 matches found
CVE-2022-2097 AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
CVE-2022-2097 AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
CVE-2022-2097
CVE-2022-2097 affects OpenSSL: AES OCB mode on 32-bit x86 with AES-NI optimization can fail to encrypt the full data, potentially leaking 16 bytes of memory (or plaintext in in-place mode). OpenSSL TLS/DTLS cipher suites are unaffected. Affected releases: OpenSSL 3.0.0–3.0.4 and OpenSSL 1.1.1 thr...
CVE-2022-2097 AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
Vulnerability in OpenSSL - AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn’t written. In the special case of “in place” encryption...
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
OpenSSL 1.1.1 < 1.1.1q Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1q. It is, therefore, affected by a vulnerability as referenced in the 1.1.1q advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under so...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenSSL vulnerability (USN-5502-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5502-1 advisory. Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on...
OpenSSL 3.0.0 < 3.0.5 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.5 advisory. - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions...
FreeBSD : OpenSSL -- AES OCB fails to encrypt some bytes (a28e8b7e-fc70-11ec-856e-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a28e8b7e-fc70-11ec-856e-d4c9ef517024 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not...
OpenSSL -- AES OCB fails to encrypt some bytes
The OpenSSL project reports: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special...
Node.js -- July 7th 2022 Security Releases
Node.js reports: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding MediumCVE-2022-32213 The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. HTTP Request Smuggling - Improper Delimiting of...
GSD-2021-1001131 cfg80211: call cfg80211_leave_ocb when switching away from OCB
cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.14 by commit...
GSD-2021-1001116 cfg80211: call cfg80211_leave_ocb when switching away from OCB
cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.129 by commit...
UVI-2021-1001110 cfg80211: call cfg80211_leave_ocb when switching away from OCB
cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.196 by commit...
UVI-2021-1001104 cfg80211: call cfg80211_leave_ocb when switching away from OCB
cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.238 by commit...
GSD-2021-1001098 cfg80211: call cfg80211_leave_ocb when switching away from OCB
cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.274 by commit...
UVI-2021-1001098 cfg80211: call cfg80211_leave_ocb when switching away from OCB
cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.274 by commit...