{"id":"CVE-2022-2097","details":"AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).","aliases":["GHSA-3wx7-46ch-7rq2","RUSTSEC-2022-0032"],"modified":"2026-04-02T07:42:20.259535Z","published":"2022-07-05T11:15:08.340Z","related":["ALSA-2022:5818","ALSA-2022:6224","CGA-mwhc-9qv9-2p32","MGASA-2022-0255","SUSE-SU-2022:2306-1","SUSE-SU-2022:2308-1","SUSE-SU-2022:2309-1","SUSE-SU-2022:2311-1","SUSE-SU-2022:2312-1","SUSE-SU-2022:2328-1","SUSE-SU-2022:2417-1","openSUSE-SU-2022:2328-1","openSUSE-SU-2024:12179-1","openSUSE-SU-2024:12204-1"],"references":[{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-02"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230420-0008/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20220705.txt"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220715-0011/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5343"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"fixed":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"fixed":"ad4910fad22d57c6d685b0ca83bdb7b2bf69d8fd"},{"introduced":"0"},{"fixed":"bf059c2efc4db5c09970fd3d2c392432b0ac6a12"},{"introduced":"0"},{"last_affected":"bf059c2efc4db5c09970fd3d2c392432b0ac6a12"},{"introduced":"0"},{"last_affected":"888759a1d38197f29de7227876c3b58fbff8549f"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"}],"database_specific":{"versions":[{"introduced":"1.1.1"},{"fixed":"1.1.1q"},{"introduced":"3.0.0"},{"fixed":"3.0.5"},{"introduced":"0"},{"fixed":"1.0"},{"introduced":"0"},{"last_affected":"1.0-NA"},{"introduced":"0"},{"last_affected":"1.0-sp1"},{"introduced":"0"},{"last_affected":"1.0-sp2"}]}}],"versions":["3.3-POST-CLANG-FORMAT-WEBKIT","3.3-PRE-CLANG-FORMAT-WEBKIT","3.4-POST-CLANG-FORMAT-WEBKIT","3.4-PRE-CLANG-FORMAT-WEBKIT","3.5-POST-CLANG-FORMAT-WEBKIT","3.5-PRE-CLANG-FORMAT-WEBKIT","3.6-POST-CLANG-FORMAT-WEBKIT","3.6-PRE-CLANG-FORMAT-WEBKIT","4.0-POST-CLANG-FORMAT-WEBKIT","4.0-PRE-CLANG-FORMAT-WEBKIT","AFTER_COMPAQ_PATCH","BEFORE_COMPAQ_PATCH","BEFORE_engine","BEN_FIPS_TEST_1","BEN_FIPS_TEST_2","BEN_FIPS_TEST_3","BEN_FIPS_TEST_4","BEN_FIPS_TEST_5","BEN_FIPS_TEST_6","BEN_FIPS_TEST_7","BEN_FIPS_TEST_8","FIPS_098_TEST_1","FIPS_098_TEST_2","FIPS_098_TEST_3","FIPS_098_TEST_4","FIPS_098_TEST_5","FIPS_098_TEST_6","FIPS_098_TEST_7","FIPS_098_TEST_8","FIPS_TEST_10","FIPS_TEST_9","LEVITTE_after_const","LEVITTE_before_const","OpenSSL-engine-0_9_6","OpenSSL-engine-0_9_6-beta1","OpenSSL-engine-0_9_6-beta2","OpenSSL-engine-0_9_6-beta3","OpenSSL-engine-0_9_6a","OpenSSL-engine-0_9_6a-beta1","OpenSSL-engine-0_9_6a-beta2","OpenSSL-engine-0_9_6a-beta3","OpenSSL-engine-0_9_6b","OpenSSL-engine-0_9_6c","OpenSSL-engine-0_9_6d","OpenSSL-engine-0_9_6d-beta1","OpenSSL-engine-0_9_6e","OpenSSL-engine-0_9_6f","OpenSSL-engine-0_9_6g","OpenSSL-engine-0_9_6h","OpenSSL-engine-0_9_6i","OpenSSL-engine-0_9_6j","OpenSSL-engine-0_9_6k","OpenSSL-engine-0_9_6l","OpenSSL-engine-0_9_6m","OpenSSL-fips-1_2_0","OpenSSL-fips-1_2_1","OpenSSL-fips-1_2_2","OpenSSL-fips-1_2_3","OpenSSL-fips-2_0","OpenSSL-fips-2_0-pl1","OpenSSL-fips-2_0-rc1","OpenSSL-fips-2_0-rc2","OpenSSL-fips-2_0-rc3","OpenSSL-fips-2_0-rc4","OpenSSL-fips-2_0-rc5","OpenSSL-fips-2_0-rc6","OpenSSL-fips-2_0-rc7","OpenSSL-fips-2_0-rc8","OpenSSL-fips-2_0-rc9","OpenSSL-fips-2_0_1","OpenSSL-fips-2_0_10","OpenSSL-fips-2_0_11","OpenSSL-fips-2_0_12","OpenSSL-fips-2_0_13","OpenSSL-fips-2_0_14","OpenSSL-fips-2_0_15","OpenSSL-fips-2_0_16","OpenSSL-fips-2_0_2","OpenSSL-fips-2_0_3","OpenSSL-fips-2_0_4","OpenSSL-fips-2_0_5","OpenSSL-fips-2_0_6","OpenSSL-fips-2_0_7","OpenSSL-fips-2_0_8","OpenSSL-fips-2_0_9","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta1","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6","OpenSSL_0_9_6-beta1","OpenSSL_0_9_6-beta2","OpenSSL_0_9_6-beta3","OpenSSL_0_9_6a","OpenSSL_0_9_6a-beta1","OpenSSL_0_9_6a-beta2","OpenSSL_0_9_6a-beta3","OpenSSL_0_9_6b","OpenSSL_0_9_6c","OpenSSL_0_9_6d","OpenSSL_0_9_6d-beta1","OpenSSL_0_9_6e","OpenSSL_0_9_6f","OpenSSL_0_9_6g","OpenSSL_0_9_6h","OpenSSL_0_9_6i","OpenSSL_0_9_6j","OpenSSL_0_9_6k","OpenSSL_0_9_6l","OpenSSL_0_9_6m","OpenSSL_0_9_7","OpenSSL_0_9_7-beta1","OpenSSL_0_9_7-beta2","OpenSSL_0_9_7-beta3","OpenSSL_0_9_7-beta4","OpenSSL_0_9_7-beta5","OpenSSL_0_9_7-beta6","OpenSSL_0_9_7a","OpenSSL_0_9_7b","OpenSSL_0_9_7c","OpenSSL_0_9_7d","OpenSSL_0_9_7e","OpenSSL_0_9_7f","OpenSSL_0_9_7g","OpenSSL_0_9_7h","OpenSSL_0_9_7i","OpenSSL_0_9_8","OpenSSL_0_9_8-beta1","OpenSSL_0_9_8-beta2","OpenSSL_0_9_8-beta3","OpenSSL_0_9_8-beta4","OpenSSL_0_9_8-beta5","OpenSSL_0_9_8-beta6","OpenSSL_0_9_8-post-auto-reformat","OpenSSL_0_9_8-post-reformat","OpenSSL_0_9_8-pre-auto-reformat","OpenSSL_0_9_8-pre-reformat","OpenSSL_0_9_8a","OpenSSL_0_9_8b","OpenSSL_0_9_8c","OpenSSL_0_9_8d","OpenSSL_0_9_8e","OpenSSL_0_9_8f","OpenSSL_0_9_8g","OpenSSL_0_9_8h","OpenSSL_0_9_8i","OpenSSL_0_9_8j","OpenSSL_0_9_8k","OpenSSL_0_9_8l","OpenSSL_0_9_8m","OpenSSL_0_9_8m-beta1","OpenSSL_0_9_8n","OpenSSL_0_9_8o","OpenSSL_0_9_8p","OpenSSL_0_9_8q","OpenSSL_0_9_8r","OpenSSL_0_9_8s","OpenSSL_0_9_8t","OpenSSL_0_9_8u","OpenSSL_0_9_8v","OpenSSL_0_9_8w","OpenSSL_0_9_8x","OpenSSL_0_9_8y","OpenSSL_0_9_8za","OpenSSL_0_9_8zb","OpenSSL_0_9_8zc","OpenSSL_0_9_8zd","OpenSSL_0_9_8ze","OpenSSL_0_9_8zf","OpenSSL_0_9_8zg","OpenSSL_0_9_8zh","OpenSSL_1_0_0","OpenSSL_1_0_0-beta1","OpenSSL_1_0_0-beta2","OpenSSL_1_0_0-beta3","OpenSSL_1_0_0-beta4","OpenSSL_1_0_0-beta5","OpenSSL_1_0_0-post-auto-reformat","OpenSSL_1_0_0-post-reformat","OpenSSL_1_0_0-pre-auto-reformat","OpenSSL_1_0_0-pre-reformat","OpenSSL_1_0_0a","OpenSSL_1_0_0b","OpenSSL_1_0_0c","OpenSSL_1_0_0d","OpenSSL_1_0_0e","OpenSSL_1_0_0f","OpenSSL_1_0_0g","OpenSSL_1_0_0h","OpenSSL_1_0_0i","OpenSSL_1_0_0j","OpenSSL_1_0_0k","OpenSSL_1_0_0l","OpenSSL_1_0_0m","OpenSSL_1_0_0n","OpenSSL_1_0_0o","OpenSSL_1_0_0p","OpenSSL_1_0_0q","OpenSSL_1_0_0r","OpenSSL_1_0_0s","OpenSSL_1_0_0t","OpenSSL_1_0_1","OpenSSL_1_0_1-beta1","OpenSSL_1_0_1-beta2","OpenSSL_1_0_1-beta3","OpenSSL_1_0_1-post-auto-reformat","OpenSSL_1_0_1-post-reformat","OpenSSL_1_0_1-pre-auto-reformat","OpenSSL_1_0_1-pre-reformat","OpenSSL_1_0_1a","OpenSSL_1_0_1b","OpenSSL_1_0_1c","OpenSSL_1_0_1d","OpenSSL_1_0_1e","OpenSSL_1_0_1f","OpenSSL_1_0_1g","OpenSSL_1_0_1h","OpenSSL_1_0_1i","OpenSSL_1_0_1j","OpenSSL_1_0_1k","OpenSSL_1_0_1l","OpenSSL_1_0_1m","OpenSSL_1_0_1n","OpenSSL_1_0_1o","OpenSSL_1_0_1p","OpenSSL_1_0_1q","OpenSSL_1_0_1r","OpenSSL_1_0_1s","OpenSSL_1_0_1t","OpenSSL_1_0_1u","OpenSSL_1_0_2","OpenSSL_1_0_2-beta1","OpenSSL_1_0_2-beta2","OpenSSL_1_0_2-beta3","OpenSSL_1_0_2-post-auto-reformat","OpenSSL_1_0_2-post-reformat","OpenSSL_1_0_2-pre-auto-reformat","OpenSSL_1_0_2-pre-reformat","OpenSSL_1_0_2a","OpenSSL_1_0_2b","OpenSSL_1_0_2c","OpenSSL_1_0_2d","OpenSSL_1_0_2e","OpenSSL_1_0_2f","OpenSSL_1_0_2g","OpenSSL_1_0_2h","OpenSSL_1_0_2i","OpenSSL_1_0_2j","OpenSSL_1_0_2k","OpenSSL_1_0_2l","OpenSSL_1_0_2m","OpenSSL_1_0_2n","OpenSSL_1_0_2o","OpenSSL_1_0_2p","OpenSSL_1_0_2q","OpenSSL_1_0_2r","OpenSSL_1_0_2s","OpenSSL_1_0_2t","OpenSSL_1_0_2u","OpenSSL_1_1_0","OpenSSL_1_1_0-pre1","OpenSSL_1_1_0-pre2","OpenSSL_1_1_0-pre3","OpenSSL_1_1_0-pre4","OpenSSL_1_1_0-pre5","OpenSSL_1_1_0-pre6","OpenSSL_1_1_0a","OpenSSL_1_1_0b","OpenSSL_1_1_0c","OpenSSL_1_1_0d","OpenSSL_1_1_0e","OpenSSL_1_1_0f","OpenSSL_1_1_0g","OpenSSL_1_1_0h","OpenSSL_1_1_0i","OpenSSL_1_1_0j","OpenSSL_1_1_0k","OpenSSL_1_1_0l","OpenSSL_1_1_1","OpenSSL_1_1_1-pre1","OpenSSL_1_1_1-pre2","OpenSSL_1_1_1-pre3","OpenSSL_1_1_1-pre4","OpenSSL_1_1_1-pre5","OpenSSL_1_1_1-pre6","OpenSSL_1_1_1-pre7","OpenSSL_1_1_1-pre8","OpenSSL_1_1_1-pre9","OpenSSL_1_1_1a","OpenSSL_1_1_1b","OpenSSL_1_1_1c","OpenSSL_1_1_1d","OpenSSL_1_1_1e","OpenSSL_1_1_1f","OpenSSL_1_1_1g","OpenSSL_1_1_1h","OpenSSL_1_1_1i","OpenSSL_1_1_1j","OpenSSL_1_1_1k","OpenSSL_1_1_1l","OpenSSL_1_1_1m","OpenSSL_1_1_1n","OpenSSL_1_1_1o","OpenSSL_1_1_1p","OpenSSL_1_1_1q","OpenSSL_1_1_1r","OpenSSL_1_1_1s","OpenSSL_1_1_1t","OpenSSL_1_1_1u","OpenSSL_1_1_1v","SSLeay_0_8_1b","SSLeay_0_9_0b","SSLeay_0_9_1b","STATE_after_zlib","STATE_before_zlib","master-post-auto-reformat","master-post-reformat","master-pre-auto-reformat","master-pre-reformat","openssl-3.0.0","openssl-3.0.0-alpha1","openssl-3.0.0-alpha10","openssl-3.0.0-alpha11","openssl-3.0.0-alpha12","openssl-3.0.0-alpha13","openssl-3.0.0-alpha14","openssl-3.0.0-alpha15","openssl-3.0.0-alpha16","openssl-3.0.0-alpha17","openssl-3.0.0-alpha2","openssl-3.0.0-alpha3","openssl-3.0.0-alpha4","openssl-3.0.0-alpha5","openssl-3.0.0-alpha6","openssl-3.0.0-alpha7","openssl-3.0.0-alpha8","openssl-3.0.0-alpha9","openssl-3.0.0-beta1","openssl-3.0.0-beta2","openssl-3.0.1","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.2.0","openssl-3.2.0-alpha1","openssl-3.2.0-alpha2","openssl-3.2.0-beta1","openssl-3.2.1","openssl-3.2.2","openssl-3.2.3","openssl-3.2.4","openssl-3.2.5","openssl-3.2.6","openssl-3.3.0","openssl-3.3.0-alpha1","openssl-3.3.0-beta1","openssl-3.3.1","openssl-3.3.2","openssl-3.3.3","openssl-3.3.4","openssl-3.3.5","openssl-3.3.6","openssl-3.4.0","openssl-3.4.0-alpha1","openssl-3.4.0-beta1","openssl-3.4.1","openssl-3.4.2","openssl-3.4.3","openssl-3.4.4","openssl-3.5.0","openssl-3.5.0-alpha1","openssl-3.5.0-beta1","openssl-3.5.1","openssl-3.5.2","openssl-3.5.3","openssl-3.5.4","openssl-3.5.5","openssl-3.6.0","openssl-3.6.0-alpha1","openssl-3.6.0-beta1","openssl-3.6.1","openssl-4.0.0-alpha1","openssl-4.0.0-beta1","rsaref"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"include/openssl/opensslv.h"},"source":"https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["28170854778703993674264004058177114599","73132526844288570625317440636111911761","177405411499435185068645597737938634778","224809958623850711330610094965797758930","295554444428855106393106961197201359586"]},"id":"CVE-2022-2097-c377fa22","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2097.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}