CVE-2022-2097

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-2097
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2097.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-2097
Aliases
Downstream
Related
Published
2022-07-05T11:15:08.340Z
Modified
2026-02-15T08:08:09.742221Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

References

Affected packages

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b0398a9753b603f20911ca70ad7773052a2446ff
Introduced
937e33de60bcfcd6f68e7250e5e6914ae1d1e1e4
Fixed
752a559547701c2c3179eca2122e7edcb7813954

Affected versions

v3.*
v3.0.0
v3.0.1
v3.0.1rc0
v3.0.2
v3.0.2rc0
v3.0.3
v3.0.3rc0
v3.0.4
v3.0.4rc0
v3.0.5rc0
wireshark-3.*
wireshark-3.0.0
wireshark-3.0.1
wireshark-3.0.2
wireshark-3.0.3
wireshark-3.0.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2097.json"