diff --git a/cve/openssl/2022/CVE-2022-2097/.keep b/cve/openssl/2022/CVE-2022-2097/.keep
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/cve/openssl/2022/CVE-2022-2097/README b/cve/openssl/2022/CVE-2022-2097/README
new file mode 100644
index 0000000000000000000000000000000000000000..a315a6902d8242bba498133d5c44a8cf57c8cd61
--- /dev/null
+++ b/cve/openssl/2022/CVE-2022-2097/README
@@ -0,0 +1,3 @@
+A script to change OpenSSL versions on Ubuntu to 1.1.1q to protect against CVE-2022-2097.
+
+REF:https://github.com/PeterThomasAwen/OpenSSLUpgrade1.1.1q-Ubuntu.git
\ No newline at end of file
diff --git a/cve/openssl/2022/CVE-2022-2097/upgradeOpenssl.sh b/cve/openssl/2022/CVE-2022-2097/upgradeOpenssl.sh
new file mode 100644
index 0000000000000000000000000000000000000000..1d6088dbba35c0d14dceb475c6087f6ce5c1992b
--- /dev/null
+++ b/cve/openssl/2022/CVE-2022-2097/upgradeOpenssl.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+#Upgrades OpenSSL to version 1.1.1.q
+wget https://www.openssl.org/source/openssl-1.1.1q.tar.gz
+sudo tar -xf openssl-1.1.1q.tar.gz
+cd openssl-1.1.1q
+sudo ./config
+sudo make
+sudo make install
+sudo ldconfig
+cd ~
+sudo rm openssl-1.1.1q.tar.gz
+sudo rm -rf openssl-1.1.1q
+sudo systemctl restart nginx
+nginx -V
\ No newline at end of file
diff --git a/cve/openssl/2022/yaml/CVE-2022-2097.yaml b/cve/openssl/2022/yaml/CVE-2022-2097.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a2c6d850bc912581d3ba94b70604aa865a3500a5
--- /dev/null
+++ b/cve/openssl/2022/yaml/CVE-2022-2097.yaml
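Review bot: The tarball fetched by `wget` on the third line of upgradeOpenssl.sh goes straight into `sudo ./config` / `sudo make install` with no integrity check, and nothing aborts the script when a step fails — if `wget` or `cd openssl-1.1.1q` fails, every following `sudo` command still runs in whatever directory the script happens to be in. Verify the archive against the published SHA-256 (or its PGP signature) before building, add `set -euo pipefail` and `|| exit 1` guards on both `cd` lines, and drop the unneeded `sudo` from `tar`, which only makes the extracted tree root-owned. A bare `./config` installs under /usr/local by default while Ubuntu's packaged OpenSSL lives under /usr, so whether the restarted nginx actually loads the new library depends on the loader search path and should be confirmed rather than read off `nginx -V` alone. The header comment also says `1.1.1.q` where the version is `1.1.1q`.
```shell
#!/bin/bash
# Upgrades OpenSSL to version 1.1.1q
set -euo pipefail
readonly version=1.1.1q
readonly tarball="openssl-${version}.tar.gz"
# placeholder: fill in the SHA-256 published on openssl.org for this tarball
readonly expected_sha256='<SHA256-OF-TARBALL-PLACEHOLDER>'
wget "https://www.openssl.org/source/${tarball}"
printf '%s  %s\n' "${expected_sha256}" "${tarball}" | sha256sum -c -
tar -xf "${tarball}"
cd "openssl-${version}" || exit 1
sudo ./config
# … unchanged: make, make install, ldconfig …
cd ~ || exit 1
# … unchanged: cleanup, nginx restart, nginx -V …
```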
@@ -0,0 +1,15 @@
+id: CVE-2022-2097
+source: https://attackerkb.com/topics/wPEdhpuIwp/cve-2022-2097
+info:
+ description: |
+ AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
+ reference:
+ https://attackerkb.com/topics/wPEdhpuIwp/cve-2022-2097;
+ https://www.rapid7.com/db/vulnerabilities/http-openssl-cve-2022-2097/;
+ https://github.com/PeterThomasAwen/OpenSSLUpgrade1.1.1q-Ubuntu;
+ classification:
+ cve-id: CVE-2022-2097
+ cwe-id: None
+ cnvd-id: None
+ kve-id: None
+ tags: AES加密泄露, CVE-2022
\ No newline at end of file
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index 0d949e3432bd81fb3bc777aeab9ec46b183f9fb8..7bedeafcd1d39fb7b72a77eda380b9f849f5259c 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -95,6 +95,7 @@ cve:
 - CVE-2021-3449
 - CVE-2022-0778
 - CVE-2022-3786
+ - CVE-2022-2097
 libxml2:
 - CVE-2020-24977
 - CVE-2021-3517