CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type

GIT

Repo

https://github.com/openssl/openssl

Events

Introduced

e04bd3433fd84e1861bf258ea37928d9845e6a86

Fixed

e04bd3433fd84e1861bf258ea37928d9845e6a86

Introduced

89cd17a031e022211684eb7eb41190cf1910f9fa

Fixed

ad4910fad22d57c6d685b0ca83bdb7b2bf69d8fd

Introduced

Fixed

bf059c2efc4db5c09970fd3d2c392432b0ac6a12

Introduced

Last affected

bf059c2efc4db5c09970fd3d2c392432b0ac6a12

Introduced

Last affected

888759a1d38197f29de7227876c3b58fbff8549f

Introduced

Last affected

e818b74be2170fbe957a07b0da4401c2b694b3b8

Database specific

{
    "versions": [
        {
            "introduced": "1.1.1"
        },
        {
            "fixed": "1.1.1q"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.5"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0-sp1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0-sp2"
        }
    ]
}

Affected versions

Other

BEFORE_engine

BEN_FIPS_TEST_7

BEN_FIPS_TEST_8

FIPS_TEST_10

FIPS_TEST_9

OpenSSL_0_9_1c

OpenSSL_0_9_2b

OpenSSL_0_9_3

OpenSSL_0_9_3a

OpenSSL_0_9_3beta2

OpenSSL_0_9_4

OpenSSL_0_9_5a

OpenSSL_0_9_5a-beta1

OpenSSL_0_9_5a-beta2

OpenSSL_0_9_5beta1

OpenSSL_0_9_5beta2

OpenSSL_0_9_6-beta3

OpenSSL_0_9_7

OpenSSL_0_9_7-beta1

OpenSSL_0_9_7-beta2

OpenSSL_0_9_7-beta3

OpenSSL_0_9_7-beta4

OpenSSL_0_9_7-beta6

OpenSSL_0_9_7a

OpenSSL_0_9_7b

OpenSSL_0_9_7c

OpenSSL_0_9_7e

OpenSSL_0_9_7f

OpenSSL_0_9_7g

OpenSSL_0_9_7h

OpenSSL_0_9_7i

OpenSSL_1_0_1

OpenSSL_1_0_1-beta1

OpenSSL_1_0_1-beta2

OpenSSL_1_0_1-beta3

OpenSSL_1_0_1-post-auto-reformat

OpenSSL_1_0_1-post-reformat

OpenSSL_1_0_1-pre-auto-reformat

OpenSSL_1_0_1-pre-reformat

OpenSSL_1_0_1a

OpenSSL_1_0_1b

OpenSSL_1_0_1c

OpenSSL_1_0_1d

OpenSSL_1_0_1e

OpenSSL_1_0_1f

OpenSSL_1_0_1g

OpenSSL_1_0_1h

OpenSSL_1_0_1i

OpenSSL_1_0_1j

OpenSSL_1_0_1k

OpenSSL_1_0_1l

OpenSSL_1_0_1m

OpenSSL_1_0_1n

OpenSSL_1_0_1o

OpenSSL_1_0_1p

OpenSSL_1_0_1q

OpenSSL_1_0_1r

OpenSSL_1_0_1s

OpenSSL_1_0_1t

OpenSSL_1_0_1u

OpenSSL_1_0_2

OpenSSL_1_0_2-beta1

OpenSSL_1_0_2-beta2

OpenSSL_1_0_2-beta3

OpenSSL_1_0_2-post-auto-reformat

OpenSSL_1_0_2-post-reformat

OpenSSL_1_0_2-pre-auto-reformat

OpenSSL_1_0_2-pre-reformat

OpenSSL_1_0_2a

OpenSSL_1_0_2b

OpenSSL_1_0_2c

OpenSSL_1_0_2d

OpenSSL_1_0_2e

OpenSSL_1_0_2f

OpenSSL_1_0_2g

OpenSSL_1_0_2h

OpenSSL_1_0_2i

OpenSSL_1_0_2j

OpenSSL_1_0_2k

OpenSSL_1_0_2l

OpenSSL_1_0_2m

OpenSSL_1_0_2n

OpenSSL_1_0_2o

OpenSSL_1_0_2p

OpenSSL_1_0_2q

OpenSSL_1_0_2r

OpenSSL_1_0_2s

OpenSSL_1_0_2t

OpenSSL_1_0_2u

OpenSSL_1_1_0-pre1

OpenSSL_1_1_0-pre2

OpenSSL_1_1_0-pre3

OpenSSL_1_1_0-pre4

OpenSSL_1_1_0-pre5

OpenSSL_1_1_0-pre6

OpenSSL_1_1_1

OpenSSL_1_1_1-pre1

OpenSSL_1_1_1-pre2

OpenSSL_1_1_1-pre3

OpenSSL_1_1_1-pre4

OpenSSL_1_1_1-pre5

OpenSSL_1_1_1-pre6

OpenSSL_1_1_1-pre7

OpenSSL_1_1_1-pre8

OpenSSL_1_1_1-pre9

OpenSSL_1_1_1a

OpenSSL_1_1_1b

OpenSSL_1_1_1c

OpenSSL_1_1_1d

OpenSSL_1_1_1e

OpenSSL_1_1_1f

OpenSSL_1_1_1g

OpenSSL_1_1_1h

OpenSSL_1_1_1i

OpenSSL_1_1_1j

OpenSSL_1_1_1k

OpenSSL_1_1_1l

OpenSSL_1_1_1m

OpenSSL_1_1_1n

OpenSSL_1_1_1o

OpenSSL_1_1_1p

OpenSSL_1_1_1q

OpenSSL_1_1_1r

OpenSSL_1_1_1s

OpenSSL_1_1_1t

OpenSSL_1_1_1u

OpenSSL_1_1_1v

OpenSSL_FIPS_1_0

master-post-auto-reformat

master-post-reformat

master-pre-auto-reformat

master-pre-reformat

openssl-3.*

openssl-3.0.0

openssl-3.0.1

openssl-3.0.2

openssl-3.0.3

openssl-3.0.4

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "28170854778703993674264004058177114599",
                "73132526844288570625317440636111911761",
                "177405411499435185068645597737938634778",
                "224809958623850711330610094965797758930",
                "295554444428855106393106961197201359586"
            ]
        },
        "id": "CVE-2022-2097-c377fa22",
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
        "deprecated": false,
        "target": {
            "file": "include/openssl/opensslv.h"
        },
        "signature_version": "v1"
    }
]

vanir_signatures_modified

"2026-04-11T18:44:53Z"

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2097.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "36"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "11.0"
            }
        ]
    }
]