4 matches found
CVE-2025-64767
hpke-js is a Hybrid Public Key Encryption HPKE module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality...
Nonce Reuse
Overview @hpke/core is an A Hybrid Public Key Encryption HPKE core module for various JavaScript runtimes Affected versions of this package are vulnerable to Nonce Reuse via the public SenderContext Seal API. An attacker can compromise the confidentiality and integrity of encrypted messages by...
GHSA-73G8-5H73-26H4 @hpke/core reuses AEAD nonces
Summary The public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. Details The SenderContext Seal implementation allows for concurrent...
PT-2025-47653
Name of the Vulnerable Software and Affected Versions hpke-js versions prior to 1.7.5 Description The software contains a race condition in the public SenderContext Seal API. This allows the reuse of the same AEAD nonce for multiple Seal calls, potentially leading to a complete loss of...