2 matches found
PT-2026-25375
Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...
MiracleLinux 9 : cjose-0.6.1-13.el9 (AXSA:2023-6285:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6285:01 advisory. cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 Tenable has extracted the preceding...