Lucene search
+L

62 matches found

Vulnrichment
Vulnrichment
added 2026/03/02 9:20 p.m.5 views

CVE-2026-3337 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

8.2CVSS5.9AI score0.01079EPSS
Exploits0References3
RustSec
RustSec
added 2026/03/02 12:0 p.m.5 views

Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

8.2CVSS7.5AI score0.01079EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/03/02 12:0 p.m.7 views

RUSTSEC-2026-0045 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

5.9CVSS5.8AI score0.01079EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/23 3:2 a.m.4 views

CVE-2026-2968 Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification

A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mgchacha20poly1305decrypt of the file /src/tlschacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...

6.3CVSS4.3AI score0.00218EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.7 views

CVE-2023-40271

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function...

7.5CVSS7.3AI score0.00323EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13851

Malware in sbrugna...

9.8CVSS8.9AI score0.00489EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-0803

Malware in sbrugna...

5.9CVSS6.8AI score0.01238EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-25099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the CryptX module before 0.062 for Perl, gcmdecryptverify and chacha20poly1305decryptverify do not verify the tag. CVE-2018-25099 Note that Nessus relies on...

9.8CVSS5.5AI score0.00489EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-27498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the...

5.6CVSS6.1AI score0.00117EPSS
Exploits0References2
OSV
OSV
added 2025/06/04 8:48 p.m.8 views

GHSA-2X3R-HWV5-P32X Deno's AES GCM authentication tags are not verified

Summary This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno...

8.7CVSS7.2AI score0.0024EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 3:14 a.m.6 views

CVE-2023-26084

The armv8decaesgcmfull API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable...

3.7CVSS7AI score0.00362EPSS
Exploits0References1
OSV
OSV
added 2025/03/03 8:22 p.m.16 views

GHSA-R38M-44FW-H886 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. Details This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The root cau...

5.6CVSS6.4AI score0.00117EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/03 8:22 p.m.16 views

AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. Details This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The root cau...

5.6CVSS7.2AI score0.00117EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/03 5:15 p.m.49 views

UBUNTU-CVE-2025-27498

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

5.6CVSS5.8AI score0.00117EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/03 4:52 p.m.5 views

CVE-2025-27498 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

5.6CVSS6.5AI score0.00117EPSS
Exploits0References2
CVE
CVE
added 2025/03/03 4:52 p.m.84 views

CVE-2025-27498

The CVE-2025-27498 entry concerns a vulnerability in a pure Rust AES-GCM implementation where decrypt_in_place_detached can expose the decrypted plaintext even if the authentication tag is invalid. Root cause: in decrypt_in_place in asconcore.rs, a tag verification error is returned while the pla...

5.6CVSS6.7AI score0.00117EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/03 4:52 p.m.42 views

CVE-2025-27498 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

5.6CVSS0.00117EPSS
Exploits0References2
OSV
OSV
added 2025/03/03 4:52 p.m.23 views

CVE-2025-27498 AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

5.6CVSS6.4AI score0.00117EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/03/19 4:9 a.m.5 views

SUSE CVE-2018-25099

In the CryptX module before 0.062 for Perl, gcmdecryptverify and chacha20poly1305decryptverify do not verify the tag...

9.8CVSS7AI score0.00489EPSS
Exploits0References4
NVD
NVD
added 2024/03/18 5:15 a.m.13 views

CVE-2018-25099

In the CryptX module before 0.062 for Perl, gcmdecryptverify and chacha20poly1305decryptverify do not verify the tag...

9.8CVSS6.6AI score0.00489EPSS
Exploits0References3
Rows per page
Query Builder