OSV:RUSTSEC-2024-0011 (osv, Google)
Jan 23, 2024 - 12:00 p.m.

Unauthenticated Nonce Increment in snow

Source: Google (osv.dev)

AI Score: 7 High
Confidence: High

There was a logic bug where unauthenticated payloads could still cause a nonce
increment in snow’s internal state. For an attacker with privileges to inject
packets into the channel over which the Noise session operates, this could
allow a denial-of-service attack which could prevent message delivery by
sending garbage data.

Note that this only affects those who are using the stateful TransportState,
not those using StatelessTransportState.

This has been patched in version 0.9.5, and all users are recommended to
update.
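
The failure mode described above, as an added model that is not snow's code and not part of the advisory: a receiver that keeps its own nonce counter, run once with the counter advanced before authentication and once with it advanced only after. The names `tag`, `seal`, `Receiver` and `delivered_after_garbage` are assumptions made for this illustration, and the keyed hash is a constructed stand-in for the AEAD that is not cryptographically secure.

```rust
// Added illustration: a model of the bug class, not snow's implementation.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Constructed stand-in for AEAD authentication (NOT secure): binds key, nonce, payload.
fn tag(key: u64, nonce: u64, payload: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    (key, nonce, payload).hash(&mut h);
    h.finish()
}

/// Sender side: authenticate `payload` under the current nonce, then advance it.
fn seal(key: u64, nonce: &mut u64, payload: &[u8]) -> (Vec<u8>, u64) {
    let t = tag(key, *nonce, payload);
    *nonce += 1;
    (payload.to_vec(), t)
}

struct Receiver { key: u64, nonce: u64, bump_before_auth: bool }

impl Receiver {
    fn read(&mut self, payload: &[u8], t: u64) -> Result<Vec<u8>, &'static str> {
        let n = self.nonce;
        if self.bump_before_auth {
            self.nonce += 1; // flawed ordering: state changes on unauthenticated input
        }
        if tag(self.key, n, payload) != t {
            return Err("authentication failed");
        }
        if !self.bump_before_auth {
            self.nonce += 1; // corrected ordering: advance only once the tag verifies
        }
        Ok(payload.to_vec())
    }
}

/// Feed one garbage packet, then a genuine one; returns whether the genuine one is accepted.
fn delivered_after_garbage(bump_before_auth: bool) -> bool {
    let key = 0x5eed; // constructed key
    let mut send_nonce = 0u64;
    let mut rx = Receiver { key, nonce: 0, bump_before_auth };
    let _ = rx.read(b"garbage", 0); // constructed unauthenticated input, rejected
    let (msg, t) = seal(key, &mut send_nonce, b"hello");
    rx.read(&msg, t).is_ok()
}

fn main() {
    println!("flawed ordering delivers: {}", delivered_after_garbage(true));
    println!("corrected ordering delivers: {}", delivered_after_garbage(false));
}
```

In the flawed ordering the rejected packet still leaves the receiver one nonce ahead of the sender, so every later genuine message fails authentication until the session is re-established.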

CPE    Name    Operator    Version
-      snow    lt          0.9.5
