{"api_version":"1","generated_at":"2026-04-22T19:36:36+00:00","cve":"CVE-2022-2097","urls":{"html":"https://cve.report/CVE-2022-2097","api":"https://cve.report/api/cve/CVE-2022-2097.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-2097","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-2097"},"summary":{"title":"CVE-2022-2097","description":"AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).","state":"PUBLIC","assigner":"openssl-security@openssl.org","published_at":"2022-07-05 11:15:00","updated_at":"2023-11-07 03:46:00"},"problem_types":["CWE-327"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20220715-0011/","name":"https://security.netapp.com/advisory/ntap-20220715-0011/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-2097 OpenSSL Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230420-0008/","name":"https://security.netapp.com/advisory/ntap-20230420-0008/","refsource":"CONFIRM","tags":[],"title":"CVE-2022-2097 MySQL Server Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/","name":"FEDORA-2022-3fdc2d3047","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: openssl-3.0.5-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202210-02","name":"GLSA-202210-02","refsource":"GENTOO","tags":[],"title":"OpenSSL: Multiple Vulnerabilities (GLSA 202210-02) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/","name":"FEDORA-2022-89a17be281","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: openssl1.1-1.1.1q-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93","name":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93","refsource":"","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/","name":"FEDORA-2022-41890e9e44","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: openssl-1.1.1q-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431","refsource":"CONFIRM","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/","name":"FEDORA-2022-3fdc2d3047","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: openssl-3.0.5-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5343","name":"DSA-5343","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5343-1 openssl","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/","name":"FEDORA-2022-41890e9e44","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: openssl-1.1.1q-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431","name":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431","refsource":"","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/","name":"FEDORA-2022-89a17be281","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: openssl1.1-1.1.1q-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf","refsource":"CONFIRM","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"https://www.openssl.org/news/secadv/20220705.txt","name":"https://www.openssl.org/news/secadv/20220705.txt","refsource":"CONFIRM","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93","refsource":"CONFIRM","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html","name":"[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3325-1] openssl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-2097","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2097","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Alex Chernyakhovsky","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"active_iq_unified_manager","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"vmware_vsphere","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"clustered_data_ontap_antivirus_connector","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinec_ins","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinec_ins","cpe6":"1.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinec_ins","cpe6":"1.0","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"2097","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinec_ins","cpe6":"1.0","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-2097","qid":"160014","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-5818)"},{"cve":"CVE-2022-2097","qid":"160025","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-9683)"},{"cve":"CVE-2022-2097","qid":"160072","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2022-6224)"},{"cve":"CVE-2022-2097","qid":"181546","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5343-1)"},{"cve":"CVE-2022-2097","qid":"181593","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 3325-1)"},{"cve":"CVE-2022-2097","qid":"184089","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2022-2097)"},{"cve":"CVE-2022-2097","qid":"198850","title":"Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5502-1)"},{"cve":"CVE-2022-2097","qid":"199873","title":"Ubuntu Security Notification for Node.js Vulnerabilities (USN-6457-1)"},{"cve":"CVE-2022-2097","qid":"20273","title":"Oracle MySQL October 2022 Critical Patch Update (CPUOCT2022)"},{"cve":"CVE-2022-2097","qid":"240588","title":"Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:5818)"},{"cve":"CVE-2022-2097","qid":"240641","title":"Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:6224)"},{"cve":"CVE-2022-2097","qid":"282924","title":"Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-3fdc2d3047)"},{"cve":"CVE-2022-2097","qid":"282939","title":"Fedora Security Update for openssl1.1 (FEDORA-2022-89a17be281)"},{"cve":"CVE-2022-2097","qid":"282968","title":"Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2022-41890e9e44)"},{"cve":"CVE-2022-2097","qid":"296083","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 49.126.2 Missing (CPUOCT2022)"},{"cve":"CVE-2022-2097","qid":"296084","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 50.126.3 Missing (CPUOCT2022)"},{"cve":"CVE-2022-2097","qid":"296099","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 57.144.3 Missing (CPUAPR2023)"},{"cve":"CVE-2022-2097","qid":"330109","title":"IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Arbritary Code Execution Vulnerability (openssl_advisory36)"},{"cve":"CVE-2022-2097","qid":"354286","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-147"},{"cve":"CVE-2022-2097","qid":"354459","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2022-2022-195"},{"cve":"CVE-2022-2097","qid":"354579","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-195"},{"cve":"CVE-2022-2097","qid":"354802","title":"Amazon Linux Security Advisory for openssl11 : ALAS2-2023-1974"},{"cve":"CVE-2022-2097","qid":"355250","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-051"},{"cve":"CVE-2022-2097","qid":"355252","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-054"},{"cve":"CVE-2022-2097","qid":"357333","title":"Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502"},{"cve":"CVE-2022-2097","qid":"377563","title":"Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2022:0148)"},{"cve":"CVE-2022-2097","qid":"377645","title":"Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUOCT2022)"},{"cve":"CVE-2022-2097","qid":"377651","title":"Oracle MYSQL Connector/ODBC Critical Patch Update (CPU) October 2022 (CPUOCT2022)"},{"cve":"CVE-2022-2097","qid":"379452","title":"IBM Cognos Analytics Multiple Vulnerabilities (7123154)"},{"cve":"CVE-2022-2097","qid":"502413","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2022-2097","qid":"502416","title":"Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)"},{"cve":"CVE-2022-2097","qid":"502753","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2022-2097","qid":"502906","title":"Alpine Linux Security Update for openssl1.1-compat"},{"cve":"CVE-2022-2097","qid":"591311","title":"Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)"},{"cve":"CVE-2022-2097","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2022-2097","qid":"672094","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2300)"},{"cve":"CVE-2022-2097","qid":"672096","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2329)"},{"cve":"CVE-2022-2097","qid":"672162","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2419)"},{"cve":"CVE-2022-2097","qid":"672172","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2432)"},{"cve":"CVE-2022-2097","qid":"672193","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2476)"},{"cve":"CVE-2022-2097","qid":"672447","title":"EulerOS Security Update for linux-sgx (EulerOS-SA-2022-2852)"},{"cve":"CVE-2022-2097","qid":"673086","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL)111d (EulerOS-SA-2023-2162)"},{"cve":"CVE-2022-2097","qid":"690892","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (a28e8b7e-fc70-11ec-856e-d4c9ef517024)"},{"cve":"CVE-2022-2097","qid":"690894","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for node.js (b9210706-feb0-11ec-81fa-1c697a616631)"},{"cve":"CVE-2022-2097","qid":"690971","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (4b9c1c17-587c-11ed-856e-d4c9ef517024)"},{"cve":"CVE-2022-2097","qid":"710638","title":"Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202210-02)"},{"cve":"CVE-2022-2097","qid":"752298","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2308-1)"},{"cve":"CVE-2022-2097","qid":"752301","title":"SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2022:2309-1)"},{"cve":"CVE-2022-2097","qid":"752305","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2311-1)"},{"cve":"CVE-2022-2097","qid":"752308","title":"SUSE Enterprise Linux Security Update for openssl-3 (SUSE-SU-2022:2306-1)"},{"cve":"CVE-2022-2097","qid":"752310","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2312-1)"},{"cve":"CVE-2022-2097","qid":"752325","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2022:2328-1)"},{"cve":"CVE-2022-2097","qid":"902455","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (10126)"},{"cve":"CVE-2022-2097","qid":"902472","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (10113)"},{"cve":"CVE-2022-2097","qid":"902554","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (10109)"},{"cve":"CVE-2022-2097","qid":"904808","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (10122-1)"},{"cve":"CVE-2022-2097","qid":"906025","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (10122-2)"},{"cve":"CVE-2022-2097","qid":"906368","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (10109-2)"},{"cve":"CVE-2022-2097","qid":"940611","title":"AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:5818)"},{"cve":"CVE-2022-2097","qid":"940649","title":"AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2022:6224)"},{"cve":"CVE-2022-2097","qid":"960214","title":"Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2022:5818)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"openssl-security@openssl.org","DATE_PUBLIC":"2022-07-05","ID":"CVE-2022-2097","STATE":"PUBLIC","TITLE":"AES OCB fails to encrypt some bytes"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"OpenSSL","version":{"version_data":[{"version_value":"Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4)"},{"version_value":"Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)"}]}}]},"vendor_name":"OpenSSL"}]}},"credit":[{"lang":"eng","value":"Alex Chernyakhovsky"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)."}]},"impact":[{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#moderate","value":"Moderate"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Fencepost error"}]}]},"references":{"reference_data":[{"name":"https://www.openssl.org/news/secadv/20220705.txt","refsource":"CONFIRM","url":"https://www.openssl.org/news/secadv/20220705.txt"},{"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93","refsource":"CONFIRM","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93"},{"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431","refsource":"CONFIRM","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431"},{"refsource":"FEDORA","name":"FEDORA-2022-3fdc2d3047","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"},{"refsource":"FEDORA","name":"FEDORA-2022-89a17be281","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220715-0011/","url":"https://security.netapp.com/advisory/ntap-20220715-0011/"},{"refsource":"FEDORA","name":"FEDORA-2022-41890e9e44","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"},{"refsource":"GENTOO","name":"GLSA-202210-02","url":"https://security.gentoo.org/glsa/202210-02"},{"refsource":"CONFIRM","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"},{"refsource":"DEBIAN","name":"DSA-5343","url":"https://www.debian.org/security/2023/dsa-5343"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update","url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230420-0008/","url":"https://security.netapp.com/advisory/ntap-20230420-0008/"}]}},"nvd":{"publishedDate":"2022-07-05 11:15:00","lastModifiedDate":"2023-11-07 03:46:00","problem_types":["CWE-327"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1q","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}