{"id":"CVE-2022-2097","details":"AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).","aliases":["GHSA-3wx7-46ch-7rq2","RUSTSEC-2022-0032"],"modified":"2026-04-16T04:33:07.241127756Z","published":"2022-07-05T11:15:08.340Z","related":["ALSA-2022:5818","ALSA-2022:6224","CGA-mwhc-9qv9-2p32","SUSE-SU-2022:2306-1","SUSE-SU-2022:2308-1","SUSE-SU-2022:2309-1","SUSE-SU-2022:2311-1","SUSE-SU-2022:2312-1","SUSE-SU-2022:2328-1","SUSE-SU-2022:2417-1","openSUSE-SU-2022:2328-1","openSUSE-SU-2024:12179-1","openSUSE-SU-2024:12204-1"],"references":[{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202210-02"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230420-0008/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20220705.txt"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220715-0011/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5343"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"fixed":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"fixed":"ad4910fad22d57c6d685b0ca83bdb7b2bf69d8fd"},{"introduced":"0"},{"fixed":"bf059c2efc4db5c09970fd3d2c392432b0ac6a12"},{"introduced":"0"},{"last_affected":"bf059c2efc4db5c09970fd3d2c392432b0ac6a12"},{"introduced":"0"},{"last_affected":"888759a1d38197f29de7227876c3b58fbff8549f"},{"introduced":"0"},{"last_affected":"e818b74be2170fbe957a07b0da4401c2b694b3b8"}],"database_specific":{"versions":[{"introduced":"1.1.1"},{"fixed":"1.1.1q"},{"introduced":"3.0.0"},{"fixed":"3.0.5"},{"introduced":"0"},{"fixed":"1.0"},{"introduced":"0"},{"last_affected":"1.0-NA"},{"introduced":"0"},{"last_affected":"1.0-sp1"},{"introduced":"0"},{"last_affected":"1.0-sp2"}]}}],"versions":["BEFORE_engine","BEN_FIPS_TEST_7","BEN_FIPS_TEST_8","FIPS_TEST_10","FIPS_TEST_9","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6-beta3","OpenSSL_0_9_7","OpenSSL_0_9_7-beta1","OpenSSL_0_9_7-beta2","OpenSSL_0_9_7-beta3","OpenSSL_0_9_7-beta4","OpenSSL_0_9_7-beta6","OpenSSL_0_9_7a","OpenSSL_0_9_7b","OpenSSL_0_9_7c","OpenSSL_0_9_7e","OpenSSL_0_9_7f","OpenSSL_0_9_7g","OpenSSL_0_9_7h","OpenSSL_0_9_7i","OpenSSL_1_0_1","OpenSSL_1_0_1-beta1","OpenSSL_1_0_1-beta2","OpenSSL_1_0_1-beta3","OpenSSL_1_0_1-post-auto-reformat","OpenSSL_1_0_1-post-reformat","OpenSSL_1_0_1-pre-auto-reformat","OpenSSL_1_0_1-pre-reformat","OpenSSL_1_0_1a","OpenSSL_1_0_1b","OpenSSL_1_0_1c","OpenSSL_1_0_1d","OpenSSL_1_0_1e","OpenSSL_1_0_1f","OpenSSL_1_0_1g","OpenSSL_1_0_1h","OpenSSL_1_0_1i","OpenSSL_1_0_1j","OpenSSL_1_0_1k","OpenSSL_1_0_1l","OpenSSL_1_0_1m","OpenSSL_1_0_1n","OpenSSL_1_0_1o","OpenSSL_1_0_1p","OpenSSL_1_0_1q","OpenSSL_1_0_1r","OpenSSL_1_0_1s","OpenSSL_1_0_1t","OpenSSL_1_0_1u","OpenSSL_1_0_2","OpenSSL_1_0_2-beta1","OpenSSL_1_0_2-beta2","OpenSSL_1_0_2-beta3","OpenSSL_1_0_2-post-auto-reformat","OpenSSL_1_0_2-post-reformat","OpenSSL_1_0_2-pre-auto-reformat","OpenSSL_1_0_2-pre-reformat","OpenSSL_1_0_2a","OpenSSL_1_0_2b","OpenSSL_1_0_2c","OpenSSL_1_0_2d","OpenSSL_1_0_2e","OpenSSL_1_0_2f","OpenSSL_1_0_2g","OpenSSL_1_0_2h","OpenSSL_1_0_2i","OpenSSL_1_0_2j","OpenSSL_1_0_2k","OpenSSL_1_0_2l","OpenSSL_1_0_2m","OpenSSL_1_0_2n","OpenSSL_1_0_2o","OpenSSL_1_0_2p","OpenSSL_1_0_2q","OpenSSL_1_0_2r","OpenSSL_1_0_2s","OpenSSL_1_0_2t","OpenSSL_1_0_2u","OpenSSL_1_1_0-pre1","OpenSSL_1_1_0-pre2","OpenSSL_1_1_0-pre3","OpenSSL_1_1_0-pre4","OpenSSL_1_1_0-pre5","OpenSSL_1_1_0-pre6","OpenSSL_1_1_1","OpenSSL_1_1_1-pre1","OpenSSL_1_1_1-pre2","OpenSSL_1_1_1-pre3","OpenSSL_1_1_1-pre4","OpenSSL_1_1_1-pre5","OpenSSL_1_1_1-pre6","OpenSSL_1_1_1-pre7","OpenSSL_1_1_1-pre8","OpenSSL_1_1_1-pre9","OpenSSL_1_1_1a","OpenSSL_1_1_1b","OpenSSL_1_1_1c","OpenSSL_1_1_1d","OpenSSL_1_1_1e","OpenSSL_1_1_1f","OpenSSL_1_1_1g","OpenSSL_1_1_1h","OpenSSL_1_1_1i","OpenSSL_1_1_1j","OpenSSL_1_1_1k","OpenSSL_1_1_1l","OpenSSL_1_1_1m","OpenSSL_1_1_1n","OpenSSL_1_1_1o","OpenSSL_1_1_1p","OpenSSL_1_1_1q","OpenSSL_1_1_1r","OpenSSL_1_1_1s","OpenSSL_1_1_1t","OpenSSL_1_1_1u","OpenSSL_1_1_1v","OpenSSL_FIPS_1_0","master-post-auto-reformat","master-post-reformat","master-pre-auto-reformat","master-pre-reformat","openssl-3.0.0","openssl-3.0.1","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2097.json","vanir_signatures_modified":"2026-04-11T18:44:53Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"vanir_signatures":[{"source":"https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86","deprecated":false,"signature_version":"v1","id":"CVE-2022-2097-c377fa22","digest":{"threshold":0.9,"line_hashes":["28170854778703993674264004058177114599","73132526844288570625317440636111911761","177405411499435185068645597737938634778","224809958623850711330610094965797758930","295554444428855106393106961197201359586"]},"target":{"file":"include/openssl/opensslv.h"},"signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}