Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:PYSEC-2020-142
HistoryOct 19, 2020 - 1:15 p.m.

PYSEC-2020-142

2020-10-1913:15:00
Google
osv.dev
6

0.001 Low

EPSS

Percentile

23.5%

JSON

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.

CPENameOperatorVersion
tinkeq1.4.0

Related

osv 2
nvd 1
github 1
cvelist 1
cve 1
veracode 1
prion 1
osv
osv
Ciphertext Malleability Issue in Tink Java
2020-10-16 00:51:24
CVE-2020-8929
2020-10-19 13:15:13
nvd
nvd
CVE-2020-8929
2020-10-19 13:15:13
github
github
Ciphertext Malleability Issue in Tink Java
2020-10-16 00:51:24
cvelist
cvelist
CVE-2020-8929 Ciphertext integrity weakness in Tink
2020-10-19 12:15:16
cve
cve
CVE-2020-8929
2020-10-19 13:15:13
veracode
veracode
Malleable Ciphertext
2020-10-19 02:00:46
prion
prion
Design/Logic Flaw
2020-10-19 13:15:00

0.001 Low

EPSS

Percentile

23.5%

JSON
Related for OSV:PYSEC-2020-142
osv2nvd1github1cvelist1cve1veracode1prion1