Showing 26 - 31 of 31

CVE-2022-2097

Status Candidate

Overview

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Related Files

Red Hat Security Advisory 2022-6024-01: Posted Aug 10, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-6024-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 5.2 and Red Hat Enterprise Linux 8.6 and Red Hat Enterprise Linux 9. Issues addressed include a traversal vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-40528, CVE-2021-43813, CVE-2022-0670, CVE-2022-1292, CVE-2022-1586, CVE-2022-1785, CVE-2022-1897, CVE-2022-1927, CVE-2022-2068, CVE-2022-2097, CVE-2022-21673, CVE-2022-22576, CVE-2022-25313, CVE-2022-25314; SHA-256 | e52fb3bea97275ad943bc6b64258f5d9ee9ee01ef78ecf3d9c444d899bebb1ef; Download | Favorite | View

Red Hat Security Advisory 2022-5818-01: Posted Aug 4, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-5818-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a code execution vulnerability.; tags | advisory, code execution, protocol; systems | linux, redhat; advisories | CVE-2022-1292, CVE-2022-2068, CVE-2022-2097; SHA-256 | 61fd4ae020a65fbaad40f03e903e5c409d9a67ad1b8ac30645648f96edbe5e69; Download | Favorite | View

Ubuntu Security Notice USN-5502-1: Posted Jul 6, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5502-1 - Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issue to obtain sensitive information.; tags | advisory, remote, x86; systems | linux, ubuntu; advisories | CVE-2022-2097; SHA-256 | b7685024ea08064a48df0cc02c966bbdef3aaaac3fe59662c6702428963a6223; Download | Favorite | View

OpenSSL Toolkit 3.0.5: Posted Jul 5, 2022; Site openssl.org; OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.; Changes: The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. An AES OCB mode issue was also addressed.; tags | tool, encryption, protocol; systems | unix; advisories | CVE-2022-2097, CVE-2022-2274; SHA-256 | aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7a; Download | Favorite | View

OpenSSL Toolkit 1.1.1q: Posted Jul 5, 2022; Site openssl.org; OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.; Changes: Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms.; tags | tool, encryption, protocol; systems | unix; advisories | CVE-2022-2097; SHA-256 | d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca; Download | Favorite | View

OpenSSL Security Advisory 20220705: Posted Jul 5, 2022; Site openssl.org; OpenSSL Security Advisory 20220705 - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. Other issues were also addressed.; tags | advisory, remote, code execution; advisories | CVE-2022-2097, CVE-2022-2274; SHA-256 | 77cb83743e1a820453bd06ea0f03f1f8f2401440b4f893084cdc8d178540f4c6; Download | Favorite | View

Page 2 of 2 Back 1 2 Next

Top Authors In Last 30 Days

Red Hat 136 files
Ubuntu 95 files
indoushka 29 files
Debian 28 files
Apple 22 files
Gentoo 20 files
nu11secur1ty 15 files
LiquidWorm 9 files
Google Security Research 7 files
jheysel-r7 4 files

File Archives

Systems

AIX (428)
Apple (2,025)
BSD (375)
CentOS (57)
Cisco (1,925)
Debian (6,853)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,342)
HPUX (879)
iOS (357)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (46,873)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (13,930)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,960)
UNIX (9,320)
UnixWare (186)
Windows (6,590)
Other

CVE-2022-2097

Overview

Related Files

File Archive:

October 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems