VYPR
High severity · NVD Advisory · Published Jul 5, 2022 · Updated Sep 17, 2024

AES OCB fails to encrypt some bytes

CVE-2022-2097

Description

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

AES OCB mode in OpenSSL on 32-bit x86 with AES-NI assembly fails to encrypt all data, potentially exposing 16 bytes of memory; fixed in OpenSSL 3.0.5 and 1.1.1q.

Vulnerability Description

The AES OCB (Offset Codebook Mode) implementation in OpenSSL for 32-bit x86 platforms using the AES-NI assembly-optimized code fails to encrypt the entirety of the data under certain circumstances. This bug can result in sixteen bytes of data that was preexisting in memory being left unencrypted, potentially revealing sensitive information [2][4].

Attack Vector

Exploiting this vulnerability requires the use of AES OCB mode on a 32-bit x86 system with AES-NI instructions and the assembly-optimized code path. Importantly, OpenSSL does not support OCB-based cipher suites for TLS or DTLS, so these protocols are not affected. The attack may be relevant in scenarios where applications directly use AES OCB encryption via OpenSSL's EVP interface [2].

Impact

If successfully triggered, the vulnerability could disclose up to sixteen bytes of unencrypted data. In the special case of in-place encryption, those sixteen bytes correspond to plaintext, while otherwise they could be stale memory contents. The severity is rated MODERATE by OpenSSL [2].

Mitigation

OpenSSL has released fixes in versions 3.0.5 (for 3.0.x) and 1.1.1q (for 1.1.1). Users running affected versions should update immediately. No workarounds are known. The Rust crate openssl-src has also been patched to include the fixed versions [4].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| openssl-src | crates.io | < 111.22.0 | 111.22.0 |
| openssl-src | crates.io | >= 300.0.0, < 300.0.9 | 300.0.9 |
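
A triage check for the version ranges and platform conditions listed above, as an added example that is not part of the advisory or of OpenSSL. The function names and sample strings are constructed here, and the two platform booleans are assumed to be supplied by the caller.

```python
import re

def parse_openssl(text):
    """Return (major, minor, fix, letter) from e.g. 'OpenSSL 1.1.1p', else None."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)", text)
    if not m:
        return None
    return int(m[1]), int(m[2]), int(m[3]), m[4]

def openssl_version_affected(text):
    """True/False per the advisory's ranges; None if no version is found."""
    v = parse_openssl(text)
    if v is None:
        return None
    major, minor, fix, letter = v
    if (major, minor) == (3, 0):
        return fix <= 4                      # 3.0.0-3.0.4, fixed in 3.0.5
    if (major, minor, fix) == (1, 1, 1):
        # 1.1.1 uses letter suffixes: '' and 'a'..'p' affected, 'q' onward fixed.
        # Multi-letter suffixes sort after single letters, so compare length first.
        return (len(letter), letter) <= (1, "p")
    return False                             # other series are not listed as affected

def crate_affected(version):
    """openssl-src crate ranges: < 111.22.0, or >= 300.0.0 and < 300.0.9."""
    # Drop any '+build' metadata before comparing numeric fields.
    parts = tuple(int(p) for p in version.split("+")[0].split("."))
    return parts < (111, 22, 0) or (300, 0, 0) <= parts < (300, 0, 9)

def triage(version_text, is_32bit_x86_build, cpu_has_aesni):
    """Combine the version range with the platform conditions in the description."""
    affected = openssl_version_affected(version_text)
    if affected is None:
        return "unknown version: review manually"
    if not affected:
        return "not in affected range"
    if is_32bit_x86_build and cpu_has_aesni:
        return "affected if the application uses AES OCB: upgrade"
    return "affected version, but platform conditions not met"

# Constructed sample inputs, not taken from any real host.
SAMPLES = [("OpenSSL 1.1.1p", True, True), ("OpenSSL 1.1.1q", True, True),
           ("OpenSSL 3.0.4", False, True), ("OpenSSL 3.0.5", True, True)]

if __name__ == "__main__":
    for text, x86_32, aesni in SAMPLES:
        print(f"{text:16} -> {triage(text, x86_32, aesni)}")
```

Distribution packages may carry the fix under an unchanged upstream version string, so confirm a match against the vendor's own advisory.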
