Lucene search

GitHub_MCVELIST:CVE-2024-36121

HistoryJun 04, 2024 - 9:13 p.m.

CVE-2024-36121 netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces

2024-06-0421:13:33

CWE-190

CWE-323

CWE-200

GitHub_M

www.cve.org

netty

boringsslaeadcontext

nonces

sequence number overflow

ohttp implementation

encryption algorithm

cve-2024-36121

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.7%

JSON

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat.

CNA Affected

[
  {
    "vendor": "netty",
    "product": "netty-incubator-codec-ohttp",
    "versions": [
      {
        "version": ">= 0.0.3.Final, < 0.0.11.Final",
        "status": "affected"
      }
    ]
  }
]

References

github.com/netty/netty-incubator-codec-ohttp/blob/1ddadb6473cd3be5491d114431ed4c1a9f316001/codec-ohttp-hpke-classes-boringssl/src/main/java/io/netty/incubator/codec/hpke/boringssl/BoringSSLAEADContext.java#L112-L114

github.com/netty/netty-incubator-codec-ohttp/security/advisories/GHSA-g762-h86w-8749

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.7%

JSON

Related for CVELIST:CVE-2024-36121