Incorrect cipher key & IV length processing

...

AZL-78558 CVE-2023-5363 affecting package openssl-fips-provider 3.1.2-1

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

USN-6450-1 openssl vulnerabilities

Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector IV lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. CVE-2023-5363 Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV...

CVE-2023-5363 Incorrect cipher key & IV length processing

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

Missing Cryptographic Step

Overview openssl is a package that wraps the OpenSSL library. Affected versions of this package are vulnerable to Missing Cryptographic Step when the EVPEncryptInitex2, EVPDecryptInitex2 or EVPCipherInitex2 functions are used. An attacker can cause truncation or overreading of key and...

UBUNTU-CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

CVE-2022-24401

Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of...

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

The vulnerability of TP-Link Tapo L530 Wi-Fi light controller’s microprogramming software lies in the lack of the ability to use a arbitrary vector for initialization during encryption mode. This allows attackers to execute a brute-force attack.

The vulnerability of TP-Link Tapo L530 Wi-Fi bulbs’ microprogramming software is related to the lack of the ability to use a arbitrary initialization vector with encryption blocks enabled. Exploiting this vulnerability allows an attacker operating remotely to execute a brute-force attack...

TP-LINK Smart bulb Tapo 安全漏洞

TP-LINK Smart bulb Tapo is a smart bulb from China P&L TP-LINK. An information disclosure vulnerability exists in the TP-LINK Smart bulb Tapo series L530 and Tapo Application, which can be exploited by an attacker to obtain sensitive information via the IV component of the AES128-CBC feature...

The vulnerability of the AES encryption algorithm implementation in TP-Link Tapo C200 IP cameras’ microprogramming software allows a intruder to gain unauthorized access to protected information.

The vulnerability of the AES encryption algorithm implemented in TP-Link Tapo C200 IP cameras relates to the repetition of character sequences in the encrypted text due to incorrect processing of the initialization vector. Exploiting this vulnerability can allow an intruder to gain unauthorized...

CVE-2023-2747

The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...

CVE-2023-2747

The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...

Design/Logic Flaw

The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...

CVE-2023-2747

The CVE-2023-2747 issue concerns an uninitialized initialization vector (IV) used by the Secure Engine (SE) to encrypt data stored in SE flash memory, impacting Silicon Labs Gecko SDK/SE firmware. Concrete details from connected documents indicate the affected firmware range is Gecko SE firmware ...

CVE-2023-2747 Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data

The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...

PT-2023-21148 · Silabs.Com +1 · Gsdk +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized. This issue affects the encryption process, potentially...

Marval MSM 加密问题漏洞

Marval MSM is an innovative IT service management software from Marval UK. A security vulnerability exists in Marval MSM that stems from the use of TripleDES and IV with encryption-at-rest keys to store secrets and certain credentials to a database. Affected products and versions: Marval MSM...

CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...

CVE-2023-26243

An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to...