Lucene search
K

5 matches found

OSV
OSV
added 2021/04/19 2:58 p.m.32 views

GHSA-94HH-PJJG-RWMR Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime

Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9CVSS6AI score0.01238EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/04/19 2:57 p.m.75 views

Padding Oracle Attack due to Observable Timing Discrepancy in jose

jose is an npm library providing a number of cryptographic operations. Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly...

5.9CVSS0.9AI score0.01167EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/04/16 9:50 p.m.53 views

CVE-2021-29445 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9CVSS6.4AI score0.01238EPSS
Exploits0References2
OSV
OSV
added 2021/04/16 6:15 p.m.15 views

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

5.9CVSS5.7AI score
Exploits0References2
Debian
Debian
added 2019/10/13 7:41 a.m.19 views

[SECURITY] [DSA 4539-3] openssl regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4539-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 13, 2019 https://www.debian.org/security/faq -...

1.8AI score
Exploits0
Rows per page
Query Builder