CVE-2022-26083

CWE-12045 documents5 sources

Severity

7.5HIGH

EPSS

0.1%

top 68.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Integrated Performance Primitives Cryptography

Timeline

PublishedFeb 14

Description

Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:NExploitability: 1.1 | Impact: 5.8

Affected Packages2 packages

▶CVEListV5intel(r)_ipp_cryptography_software_librarybefore version 2021.5

▶NVDintel/integrated_performance_primitives_cryptography< 2021.5

🔴Vulnerability Details

CVEList

CVE-2022-26083: Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021↗2025-02-14

▶

GHSA

GHSA-97m5-x73g-j7xj: Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021↗2025-02-14

▶

📋Vendor Advisories

Debian

CVE-2022-26083: ipp-crypto - Generation of weak initialization vector in an Intel(R) IPP Cryptography softwar...↗2022

▶