5 matches found
PT-2025-53629
Name of the Vulnerable Software and Affected Versions GnuPG versions through 2.4.8 Description The software is susceptible to a signature verification bypass. If a signed message includes the character 'f' at the end of a plaintext line, an attacker can modify the message to add text after the...
GHSA-2Q89-485C-9J2X Improper random reading in CIRCL
Impact When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did...
CVE-2023-1732 Improper random reading in CIRCL
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
Ciphertext Malleability Issue in Tink Java
Impact Tink's Java version before 1.5 under some circumstances allowed attackers to change the key ID part of the ciphertext, resulting in the attacker creating a second ciphertext that will decrypt to the same plaintext. This can be a problem in particular in the case of encrypting with a...
GHSA-G5VF-V6WF-7W2R Ciphertext Malleability Issue in Tink Java
Impact Tink's Java version before 1.5 under some circumstances allowed attackers to change the key ID part of the ciphertext, resulting in the attacker creating a second ciphertext that will decrypt to the same plaintext. This can be a problem in particular in the case of encrypting with a...