OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-15 22:04:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
09b17fcfbf102756ea8e624ecc3f865269669c1d
advisory-db/crates/openssl-src/RUSTSEC-2022-0032.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

24 lines
782 B
Markdown
Raw Blame History

```toml
[advisory]
id = "RUSTSEC-2022-0032"
package = "openssl-src"
aliases = ["CVE-2022-2097", "GHSA-3wx7-46ch-7rq2"]
categories = ["crypto-failure"]
date = "2022-07-05"
url = "https://www.openssl.org/news/secadv/20220705.txt"
[versions]
patched = [">= 111.22, < 300.0", ">= 300.0.9"]
```
# AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation will not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
Reference in New Issue View Git Blame Copy Permalink