libcrux-aesgcm (=0.0.4-pre.1), libcrux-ml-dsa (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-intrinsics (>=0.0.3 <=0.0.4-pre.1)

libcrux-intrinsics CARGO version =0.0.3, =0.0.3, =0.0.3-alpha.3 Source cves: unknown CVE Source advisory: OSV:GHSA-2CGV-28VR-RV6J...

Linux Distros Unpatched Vulnerability : CVE-2022-32096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component rjweaesgcmkeyunwrap. This vulnerability allows attackers to cause a Denial ...

GHSA-2J6R-9VV4-6GF5 github.com/bincyber/go-sqlcrypter vulnerable to IV collision

There is a risk of an IV collision using the awskms or aesgcm provider. NIST SP 800-38D section 8.3 states that it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a random IV. The limit could easily be reached given the use case of database column encryption...

github.com/bincyber/go-sqlcrypter vulnerable to IV collision

There is a risk of an IV collision using the awskms or aesgcm provider. NIST SP 800-38D section 8.3 states that it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a random IV. The limit could easily be reached given the use case of database column encryption...

GO-2024-2451 IV collision in github.com/bincyber/go-sqlcrypter

There is a risk of an IV collision using the awskms or aesgcm provider. NIST SP 800-38D section 8.3 states that it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a random IV. The limit could easily be reached given the use case of database column encryption...

PT-2024-40543 · Amazon · Awskms

Name of the Vulnerable Software and Affected Versions: awskms and aesgcm providers affected versions not specified Description: The issue concerns the risk of an IV collision when using the awskms or aesgcm provider for encryption, particularly in scenarios like database column encryption where...

UBUNTU-CVE-2022-32096

Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component rjweaesgcmkeyunwrap. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted JWE token...

Design/Logic Flaw

An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd allows out-of-bounds access...

openSUSE: Security Advisory for openssl (openSUSE-SU-2016:2407-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for openssl (important)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 Constant time flag not...

openSUSE Security Update : openssl (openSUSE-2016-1134)

This update for openssl fixes the following issues : OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag n...

openSUSE Security Update : openssl (openSUSE-2016-1130)

This update for openssl fixes the following issues : OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 - Constant time flag n...

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:2394-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...

Security update for openssl (important)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 boo999665 Severity: High OCSP Status Request extension unbounded memory growth CVE-2016-6304 boo999666 Severity: Low Pointer arithmetic undefined behaviour CVE-2016-2177 boo982575 Constant time flag not...

SUSE SLES12 Security Update : openssl (SUSE-SU-2016:2387-1)

This update for openssl fixes the following issues: OpenSSL Security Advisory 22 Sep 2016 bsc999665 Severity: High - OCSP Status Request extension unbounded memory growth CVE-2016-6304 bsc999666 Severity: Low - Pointer arithmetic undefined behaviour CVE-2016-2177 bsc982575 - Constant time flag no...