CVE-2022-2097
Description
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly-optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in memory and wasn't overwritten. In the special case of in-place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB-based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (affected: 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (affected: 1.1.1-1.1.1p).
Risk Information
Base Score: 5.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score (Exploitation Probability): 0.407
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Node.js 14 (x64) (14.20.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 14 (14.20.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 16 (x64) (16.16.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 16 (16.16.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 18 (18.17.0) | Windows |
| Multiple vulnerabilities are fixed in Node.js 18 (x64) (18.17.0) | Windows |
| Vulnerabilities CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2022-2097 are fixed in Nessus Agent 8.3.5 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-2274 are fixed in OpenSSL 3.0.5 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-2274 are fixed in OpenSSL (64-bit) 3.0.5 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-2274 are fixed in OpenSSL (MSI)(x64) 3.0.5 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-2274 are fixed in OpenSSL (MSI)(x86) 3.0.5 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-21589,CVE-2022-21592,CVE-2022-21608,CVE-2022-21617 are affected in MySQL 5.7.39 | Windows |
| Multiple vulnerabilities are affected in MySQL 8.0.30 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-29824,CVE-2022-35737 are affected in MySQL Workbench Enterprise Edition 8.0.30 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-29824,CVE-2022-35737 are affected in MySQL Workbench CE (x64) 8.0.30 | Windows |
| Vulnerabilities CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2022-2097 are fixed in Nessus 8.15.9 | Windows |
| Vulnerabilities CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2022-2097 are fixed in Tenable Nessus 8.15.9 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.1 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.60 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.18 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.5.0 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-2274 are fixed in OpenSSL Light 3.0.5 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-2274 are fixed in OpenSSL Light (x64) 3.0.5 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-2274 are fixed in OpenSSL Library 3.0.5 | Windows |
| Vulnerabilities CVE-2022-2097,CVE-2022-2274 are fixed in OpenSSL Library x86 3.0.5 | Windows |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5502-1) libssl3_3.0.2-0ubuntu1.6_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5502-1) libssl3_3.0.2-0ubuntu1.6_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5502-1) libssl1.1_1.1.1l-1ubuntu1.6_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5502-1) libssl1.1_1.1.1l-1ubuntu1.6_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5502-1) libssl1.1_1.1.1f-1ubuntu2.16_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5502-1) libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5502-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.20_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5502-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.20_amd64.deb | Linux |
| Openssl update (ELSA-2022-5818) openssl-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2022-5818) openssl-devel-1.1.1k-7.el8_6.i686.rpm | Linux |
| Openssl-devel update (ELSA-2022-5818) openssl-devel-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| Openssl-libs update (ELSA-2022-5818) openssl-libs-1.1.1k-7.el8_6.i686.rpm | Linux |
| Openssl-libs update (ELSA-2022-5818) openssl-libs-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2022-5818) openssl-perl-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-debugsource-1.1.1k-7.el8_6.i686.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-debugsource-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-devel-1.1.1k-7.el8_6.i686.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-devel-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-libs-1.1.1k-7.el8_6.i686.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-libs-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| (RHSA-2022:5818) openssl security update openssl-perl-1.1.1k-7.el8_6.x86_64.rpm | Linux |
| openssl security update(DSA-5343-1) openssl_1.1.1n-0+deb11u4_amd64.deb | Linux |
| Openssl update (ELSA-2022-6224) openssl-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2022-6224) openssl-devel-3.0.1-41.0.1.el9_0.i686.rpm | Linux |
| Openssl-devel update (ELSA-2022-6224) openssl-devel-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux |
| Openssl-libs update (ELSA-2022-6224) openssl-libs-3.0.1-41.0.1.el9_0.i686.rpm | Linux |
| Openssl-libs update (ELSA-2022-6224) openssl-libs-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2022-6224) openssl-perl-3.0.1-41.0.1.el9_0.x86_64.rpm | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) nodejs_12.22.9~dfsg-1ubuntu3.1_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) libnode72_12.22.9~dfsg-1ubuntu3.1_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) nodejs-doc_12.22.9~dfsg-1ubuntu3.1_all.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6457-1) libnode-dev_12.22.9~dfsg-1ubuntu3.1_amd64.deb | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2328-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) openssl-1_1-1.1.1d-150200.11.51.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2328-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-1.1.1d-150200.11.51.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2328-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-hmac-1.1.1d-150200.11.51.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2328-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-32bit-1.1.1d-150200.11.51.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2328-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl-1_1-devel-1.1.1d-150200.11.51.1.x86_64.rpm | Linux |
| SUSE-SU-2022:2328-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libopenssl1_1-hmac-32bit-1.1.1d-150200.11.51.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux |
| openssl Security Update (ALAS2023-2023-054) openssl-3.0.8-1.amzn2023.0.1.x86_64.rpm | Linux |
| openssl Security Update (ALAS2023-2023-054) openssl-devel-3.0.8-1.amzn2023.0.1.x86_64.rpm | Linux |
| openssl Security Update (ALAS2023-2023-054) openssl-libs-3.0.8-1.amzn2023.0.1.x86_64.rpm | Linux |
| openssl Security Update (ALAS2023-2023-054) openssl-perl-3.0.8-1.amzn2023.0.1.x86_64.rpm | Linux |
| Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2022-2097) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-331257 | Node.js 16 (x64) (16.20.1) |
| PATCH-331256 | Node.js 16 (16.20.1) |
| PATCH-331762 | Node.js 18 (18.17.0) |
| PATCH-331763 | Node.js 18 (x64) (18.17.0) |
| PATCH-337447 | Nessus Agent (10.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-347137 | MySQL Workbench CE (x64) (8.0.42) |
| PATCH-355451 | OpenSSL Light (3.6.1) |
| PATCH-355452 | OpenSSL Light (x64) (3.6.1) |