CVE-2022-2097

NameCVE-2022-2097
DescriptionAES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3325-1, DSA-5343-1
Debian Bugs1023424

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openssl (PTS)buster1.1.1n-0+deb10u3vulnerable
buster (security)1.1.1n-0+deb10u6fixed
bullseye1.1.1w-0+deb11u1fixed
bullseye (security)1.1.1n-0+deb11u5fixed
bookworm, bookworm (security)3.0.11-1~deb12u2fixed
trixie3.1.5-1fixed
sid3.2.1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
opensslsourcebuster1.1.1n-0+deb10u4DLA-3325-1
opensslsourcebullseye1.1.1n-0+deb11u4DSA-5343-1
opensslsource(unstable)3.0.5-11023424

Notes

https://www.openssl.org/news/secadv/20220705.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93 (openssl-3.0.5)
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=919925673d6c9cfed3c1085497f5dfbbed5fc431 (OpenSSL_1_1_1q)
Search for package or bug name: Reporting problems