CVE-2022-2097

ADVISORY - github

Summary

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was pre-existing in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed.

Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.

EPSS Score⁠: 0.00407 (0.606)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-327⁠

Use of a Broken or Risky Cryptographic Algorithm

ADVISORY - github

CWE-311⁠

Missing Encryption of Sensitive Data

CWE-326⁠

Inadequate Encryption Strength

CWE-327⁠

Use of a Broken or Risky Cryptographic Algorithm

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-311⁠

Missing Encryption of Sensitive Data

CWE-326⁠

Inadequate Encryption Strength

CWE-327⁠

Use of a Broken or Risky Cryptographic Algorithm

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-325⁠

Missing Cryptographic Step

Impacted images

Advisories

NIST

CREATED

4 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2022-2097⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-327⁠

CVSS SCORE

5.3medium

GitHub

CREATED

4 years ago

UPDATED

2 years ago

ADVISORY IDGHSA-3wx7-46ch-7rq2⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-311⁠CWE-326⁠CWE-327⁠

CVSS SCORE

7.5high

Alpine

CREATED

4 years ago

UPDATED

4 days ago

ADVISORY IDCVE-2022-2097⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

4 years ago

UPDATED

26 days ago

ADVISORY IDCVE-2022-2097⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

4 years ago

UPDATED

9 months ago

ADVISORY IDCVE-2022-2097⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

RustSec

CREATED

4 years ago

UPDATED

3 years ago

ADVISORY IDRUSTSEC-2022-0032⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

4 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2022-2097

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-311⁠CWE-326⁠CWE-327⁠CWE-937⁠

CVSS SCORE

7.5high

Alma

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDALSA-2022:5818⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Alma

CREATED

3 years ago

UPDATED

2 years ago

ADVISORY IDALSA-2022:6224⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDALAS2-2023-1974⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

2 years ago

UPDATED

4 months ago

ADVISORY IDALAS2-2024-2502⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

2 years ago

UPDATED

10 months ago

ADVISORY IDALAS2022-2022-147⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

2 years ago

UPDATED

10 months ago

ADVISORY IDALAS2022-2022-195⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDALAS2023-2023-051⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDALAS2023-2023-054⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

4 years ago

UPDATED

20 days ago

ADVISORY IDCVE-2022-2097⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-325⁠

CVSS SCORE

5.3medium

Rocky

CREATED

3 years ago

UPDATED

11 months ago

ADVISORY IDRLSA-2022:5818⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-5818⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-6224⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9683⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9751⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9944⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9945⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9946⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9947⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9948⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9949⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9950⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9951⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9952⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9953⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9954⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDELSA-2022-9955⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Chainguard

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY ID

CGA-34cr-x5f5-q4cf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

18 days ago

UPDATED

18 days ago

ADVISORY ID

CGA-mwhc-9qv9-2p32

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

1 year ago

UPDATED

3 months ago

ADVISORY ID

CVE-2022-2097

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium