3 matches found
gosaml2 CBC Padding Panic — Unauthenticated Process Crash
Summary The AES-CBC decryption path in DecryptBytes panics on crafted ciphertext whose plaintext is all zero bytes. After decryption, bytes.TrimRightdata, "\x00" empties the slice, then datalendata-1 panics with index out of range -1. There is no recover in the library. The panic propagates throu...
chromium-browser: Incorrect handling of plaintext files via file://
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...
Libgcrypt Information Disclosure Vulnerability (CNVD-2018-05552)
Libgcrypt is a cryptographic library developed as an independent module of GnuPG. An information disclosure vulnerability exists in Libgcrypt versions 1.8.2 and earlier. The vulnerability arises because cipher/elgamal.c in Libgcrypt improperly encodes plaintext when used to directly encrypt...