62 matches found
CVE-2018-25099
In the CryptX module before 0.062 for Perl, gcmdecryptverify and chacha20poly1305decryptverify do not verify the tag...
UBUNTU-CVE-2018-25099
In the CryptX module before 0.062 for Perl, gcmdecryptverify and chacha20poly1305decryptverify do not verify the tag...
CVE-2018-25099
In the CryptX module before 0.062 for Perl, gcmdecryptverify and chacha20poly1305decryptverify do not verify the tag...
CVE-2018-25099
In the CryptX module before 0.062 for Perl, gcmdecryptverify and chacha20poly1305decryptverify do not verify the tag...
CVE-2018-25099
In the CryptX module before 0.062 for Perl, gcmdecryptverify and chacha20poly1305decryptverify do not verify the tag...
CVE-2018-25099
The CVE-2018-25099 issue affects the CryptX Perl module prior to 0.062, where gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() fail to verify the authentication tag. This can lead to input tampering without detection, as summarized in multiple advisories. Public mentions show remediatio...
CVE-2018-25099
In the CryptX module before 0.062 for Perl, gcmdecryptverify and chacha20poly1305decryptverify do not verify the tag...
RUSTSEC-2023-0096 Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...
Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...
CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. If a program using the aes-gcm...
CVE-2023-42811
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. If a program using the aes-gcm...
CVE-2023-40271
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function...
PT-2023-20477 · Arm · Arm Aarch64Cryptolib
Name of the Vulnerable Software and Affected Versions: Arm AArch64cryptolib versions before 86065c6 Description: The issue concerns the armv8 dec aes gcm full API, which fails to verify the authentication tag of AES-GCM protected data. This failure is due to an improperly initialized variable,...
CVE-2023-26084
The armv8decaesgcmfull API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable...
Observable timing discrepancy
Overview Overview Affected versions of jose are vulnerable to a Padding Oracle Attack due to Observable Timing Discrepancy. Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
GHSA-4V4G-726H-XVFV Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...
GHSA-94HH-PJJG-RWMR Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime
Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...
CVE-2021-29446
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29446 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...