Lucene search
K

4 matches found

NVD
NVD
added 2025/11/21 7:16 p.m.15 views

CVE-2025-64767

hpke-js is a Hybrid Public Key Encryption HPKE module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality...

9.1CVSS0.00193EPSS
Exploits0References3
Snyk
Snyk
added 2025/11/20 5:36 p.m.9 views

Nonce Reuse

Overview @hpke/core is an A Hybrid Public Key Encryption HPKE core module for various JavaScript runtimes Affected versions of this package are vulnerable to Nonce Reuse via the public SenderContext Seal API. An attacker can compromise the confidentiality and integrity of encrypted messages by...

9.9CVSS6.8AI score0.00193EPSS
Exploits0References2
OSV
OSV
added 2025/11/20 5:36 p.m.7 views

GHSA-73G8-5H73-26H4 @hpke/core reuses AEAD nonces

Summary The public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. Details The SenderContext Seal implementation allows for concurrent...

9.1CVSS6.9AI score0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/11/20 12:0 a.m.13 views

PT-2025-47653

Name of the Vulnerable Software and Affected Versions hpke-js versions prior to 1.7.5 Description The software contains a race condition in the public SenderContext Seal API. This allows the reuse of the same AEAD nonce for multiple Seal calls, potentially leading to a complete loss of...

9.1CVSS6.5AI score0.00193EPSS
Exploits0References8
Rows per page
Query Builder