Information disclosure vulnerability in OpenSSL - CVE-2022-2097 | Deprecated |
ID: oval:org.secpod.oval:def:81883 | Date: (C)2022-07-08 (M)2023-12-07 |
Class: VULNERABILITY | Family: windows |
The host is installed with OpenSSL 1.1.1 through 1.1.1p or 3.0.0 through 3.0.4 and is prone to an information disclosure vulnerability. The flaw is in the AES OCB mode implementation for 32-bit x86, which under some circumstances fails to encrypt the entirety of the data. Successful exploitation could reveal sixteen bytes of data that already existed in memory and were not overwritten. In the special case of 'in place' encryption, sixteen bytes of the plaintext would be revealed.
Platform: |
Microsoft Windows Server 2019 |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2016 |
Microsoft Windows 10 |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |