3 matches found
EUVD-2021-1765
Malware in sbrugna...
Rust 输入验证错误漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in chacha20 crate in Mozilla Rust versions prior to 0.2.3, which stems from a ChaCha20 counter overflow that can be exploited by an attacker to determine plaintext...
ChaCha20 counter overflow can expose repetitions in the keystream
The ChaCha20 stream cipher can produce a maximum of 2^32 blocks 256GB before the 32-bit counter overflows. Releases of the chacha20 crate prior to v0.2.3 allow generating keystreams larger than this, including seeking past the limit. When this occurs, the keystream is duplicated, with failure mod...