
ATTACKERKB
added 2023/11/16 6:15 p.m.

CVE-2023-48053

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVSS 7.5 · AI score 5.8 · EPSS 0.00371
Exploits: 0 · References: 2
PyPA
added 2023/11/16 6:15 p.m.

PYSEC-2023-245

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVSS 7.5 · AI score 6.5 · EPSS 0.00473
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2023/11/16 12:00 a.m.

Archery Security Vulnerabilities

Archery is an open source set of vulnerability assessment and management tools. A security vulnerability exists in Archery version v1.10.0 that stems from the use of a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption, which could lead to information and communication...

CVSS 7.5 · AI score 6.5 · EPSS 0.00371
Exploits: 0 · References: 2
Positive Technologies
added 2023/10/19 12:00 a.m.

PT-2023-12785 · Texas Instruments · Texas Instruments Omap L138

Name of the Vulnerable Software and Affected Versions: Texas Instruments OMAP L138 secure variants (affected versions not specified). Description: The AES implementation in the Texas Instruments OMAP L138 suffers from a timing side channel. This can be exploited by an adversary with non-secure...

CVSS 4.4 · AI score 5.7 · EPSS 0.00099
Exploits: 0 · References: 14
CNNVD
added 2023/09/22 12:00 a.m.

aes-gcm Data Forgery Issue Vulnerability

aes-gcm is a cryptographic algorithm in the aes-gcm open source. Vulnerabilities in aes-gcm versions prior to 0.10.0 to 0.10.3 suffer from a data forgery problem, which stems from the fact that in AES GCM decryption implementations, plaintext is made public in the form of decrypt_in_place_detached...

CVSS 5.5 · AI score 6.7 · EPSS 0.00262
Exploits: 1 · References: 7
GitLab Advisory Database
added 2023/09/22 12:00 a.m.

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

In the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails...

CVSS 5.5 · AI score 6.1 · EPSS 0.00262
Exploits: 1 · References: 9 · Affected Software: 1
OSV
added 2023/08/24 10:02 p.m.

USN-6307-1 cjose vulnerability

It was discovered that the JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. An attacker could use this to cause a denial of service (system crash) or might expose sensitive information...

CVSS 8.6 · AI score 5.8 · EPSS 0.006
Exploits: 1 · References: 2
Snyk
added 2023/08/13 9:00 p.m.

Insufficient Entropy

Overview: Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to an inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...

CVSS 5.9 · AI score 6.9 · EPSS 0.00955
Exploits: 1 · References: 2
OSV
added 2023/07/29 11:05 a.m.

OESA-2023-1441 cjose security update

Implementation of JOSE for C/C++. Security Fixes: OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of...

CVSS 8.6 · AI score 6.9 · EPSS 0.006
Exploits: 1 · References: 2
RedHat Linux
added 2023/07/20 12:12 p.m.

OpenJDK: weakness in AES implementation (8308682)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2;...

CVSS 5.1 · AI score 7.5 · EPSS 0.00483
Exploits: 0 · References: 4
OSV
added 2023/07/14 9:15 p.m.

AZL-36936 CVE-2023-37464 affecting package cjose for versions less than 0.6.2.2-7

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

CVSS 7.5 · AI score 7.1 · EPSS 0.006
Exploits: 1 · References: 1
OSV
added 2023/07/14 9:15 p.m.

UBUNTU-CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

CVSS 8.6 · AI score 5.8 · EPSS 0.006
Exploits: 1 · References: 8
OSV
added 2023/07/14 12:15 p.m.

DEBIAN-CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

CVSS 5.3 · AI score 6.9 · EPSS 0.00525
Exploits: 0 · References: 1
RedHat Linux
added 2023/06/21 2:51 p.m.

openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM

A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash...

CVSS 5.9 · AI score 7.1 · EPSS 0.00953
Exploits: 0 · References: 5
RedHat Linux
added 2023/06/21 2:46 p.m.

kernel: crypto: qat - fix out-of-bounds read

An out-of-bounds read vulnerability was found in the Linux kernel's Intel QAT (QuickAssist Technology) crypto driver. When preparing an AES-CTR encryption request on QAT GEN4 devices, the driver rounds up the key size by 16 bytes before copying. If this rounding occurs before the memcpy operation,...

AI score 5.7 · EPSS 0.00171
Exploits: 0 · References: 5
Microsoft CVE
added 2023/04/24 12:00 a.m.

Input buffer over-read in AES-XTS implementation on 64 bit ARM

...

CVSS 5.9 · AI score 6.4 · EPSS 0.00953
Exploits: 0
OSV
added 2023/03/15 2:15 p.m.

CVE-2023-26084

The armv8_dec_aes_gcm_full API of Arm AArch64cryptolib before 86065c6 fails to verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable...

CVSS 3.7 · AI score 5.8 · EPSS 0.00362
Exploits: 0 · References: 1
Positive Technologies
added 2023/03/15 12:00 a.m.

PT-2023-20477 · Arm · Arm Aarch64Cryptolib

Name of the Vulnerable Software and Affected Versions: Arm AArch64cryptolib versions before 86065c6. Description: The issue concerns the armv8_dec_aes_gcm_full API, which fails to verify the authentication tag of AES-GCM protected data. This failure is due to an improperly initialized variable,...

CVSS 3.7 · AI score 7.4 · EPSS 0.00362
Exploits: 0 · References: 4