Lucene search
K

4 matches found

Packet Storm
Packet Storm
added 2026/01/29 12:0 a.m.195 views

📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption

This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...

9.8CVSS6.3AI score0.47621EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.9 views

CVE-2024-23688

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5.3CVSS5.6AI score0.00489EPSS
Exploits0References1
Prion
Prion
added 2024/01/19 10:15 p.m.23 views

Code injection

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5CVSS7.2AI score0.00489EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/07/26 5:15 p.m.2 views

DEBIAN-CVE-2021-32791

modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In modauthopenidc before version 2.4.9, the AES GCM encryption in modauthopenidc uses a static IV and...

5.9CVSS6.4AI score0.01503EPSS
Exploits0References1
Rows per page
Query Builder