How severe is CVE-2022-2097?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-2097?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2022-2097 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

Related Vulnerabilities

CVE-2018-18587

MEDIUM

CVSS:5.3(Medium)

BigProf AppGini 5.70 stores the passwords in the database using the MD5 hash.

CWE-3272018

CVE-2018-1996

MEDIUM

CVSS:5.3(Medium)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security, caused by the improper TLS configuration. A remote attacker could exploit this vulnerability to obt...

CWE-3272018

CVE-2019-4325

MEDIUM

CVSS:5.3(Medium)

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."

CWE-3272019

CVE-2019-5135

MEDIUM

CVSS:5.3(Medium)

An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes u...

CWE-3272019

CVE-2019-9836

MEDIUM

CVSS:5.3(Medium)

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic impl...

CWE-3272019

CVE-2020-1596

MEDIUM

CVSS:5.3(Medium)

<p>A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise ...

CWE-3272020