13 matches found
Fedora: Security Advisory (FEDORA-2023-17bdd59177)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2023-377bc1b17c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : firecracker / rust-aes-gcm (2023-377bc1b17c)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-377bc1b17c advisory. - Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. - Rebuild dependent packages firecracker for aes-gcm v0.10.3...
openSUSE: Security Advisory for rage (SUSE-SU-2023:4060-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rage-encryption (SUSE-SU-2023:4060-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4060-1 advisory. -CVE-2023-42811: chosen ciphertext attack possible against aes-gcm bsc1215657 update vendor.tar.zst to...
SUSE-SU-2023:4060-1 Security update for rage-encryption
This update for rage-encryption fixes the following issues: -CVE-2023-42811: chosen ciphertext attack possible against aes-gcm bsc1215657 update vendor.tar.zst to contain aes-gcm = 0.10.3 - Update to version 0.9.2+0: CI: Ensure apt repository is up-to-date before installing build deps CI: Build...
Fedora 38 : firecracker / rust-aes-gcm (2023-98f44d1c4c)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-98f44d1c4c advisory. - Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. - Rebuild dependent packages firecracker for aes-gcm v0.10.3...
Fedora 37 : firecracker / rust-aes-gcm (2023-bc40c7995e)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-bc40c7995e advisory. - Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. - Rebuild dependent packages firecracker for aes-gcm v0.10.3...
CVE-2023-42811
The CVE-2023-42811 issue affects the aes-gcm Rust crate (AES-GCM implementation). In versions before 0.10.3, decrypt_in_place_detached could expose the decrypted plaintext in the buffer after a tag verification failure, potentially enabling CCAs and full plaintext recovery depending on the progra...
CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. If a program using the aes-gcm...
CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. If a program using the aes-gcm...
CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. If a program using the aes-gcm...
CVE-2023-42811
creationtimestamp| type| source ---|---|--- 2023-09-21 22:54:07+00:00| published-proof-of-concept| https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq 2023-09-22 20:31:55+00:00| seen| https://t.me/cibsecurity/70953 2025-06-18 14:41:48+00:00| published-proof-of-concept|...