5 matches found
📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption
This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...
CVE-2016-2427
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug...
Design/Logic Flaw
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug...
CVE-2016-2427
The CVE-2016-2427 entry concerns AES-GCM-ICVlen = 12 octets in the AES-GCM implementation used by Android 5.x–6.x. The NVD description cites a potential weakness that could defeat cryptographic protection and reveal an authentication key via a crafted app. However, Android’s vendor notes state th...
CVE-2016-2427
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug...