Lucene search
K

4 matches found

NVD
NVD
added 2024/06/04 10:15 p.m.22 views

CVE-2024-36121

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which...

9.1CVSS6AI score0.00269EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/04 9:13 p.m.32 views

CVE-2024-36121 netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which...

5.9CVSS6AI score0.00269EPSS
Exploits1References2
CVE
CVE
added 2024/06/04 9:13 p.m.35 views

CVE-2024-36121

Netty’s netty-incubator-codec-ohttp contains a flaw in BoringSSLAEADContext: the sequence counter can overflow, causing AES-GCM nonces to repeat and potentially compromise confidentiality/integrity. Public sources describe that enabling encryption beyond 2^32 messages without proper overflow chec...

9.1CVSS7.7AI score0.00269EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/06/04 9:13 p.m.18 views

CVE-2024-36121 netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces

netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which...

5.9CVSS9AI score0.00269EPSS
Exploits1References4
Rows per page
Query Builder