
8 matches found

Veracode
added 2024/05/22 9:14 a.m., 16 views

IV Collision

github.com/bincyber/go-sqlcrypter is vulnerable to IV Collision. The vulnerability is due to using a random IV, which can exceed the safe limit of encrypting plaintext above 2^32 in size under the same key as stated by NIST SP 800-38D, potentially allowing attackers to decrypt messages if IV...

7 AI score
Exploits 0
OSV
added 2024/05/20 9:56 p.m., 10 views

GHSA-2J6R-9VV4-6GF5 github.com/bincyber/go-sqlcrypter vulnerable to IV collision

There is a risk of an IV collision using the awskms or aesgcm provider. NIST SP 800-38D section 8.3 states that it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a random IV. The limit could easily be reached given the use case of database column encryption...

3.7 CVSS, 6.7 AI score
Exploits 0, References 5
Github Security Blog
added 2024/05/20 9:56 p.m., 19 views

github.com/bincyber/go-sqlcrypter vulnerable to IV collision

There is a risk of an IV collision using the awskms or aesgcm provider. NIST SP 800-38D section 8.3 states that it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a random IV. The limit could easily be reached given the use case of database column encryption...

6.7 AI score
Exploits 0, References 5, Affected Software 1
OSV
added 2024/01/30 4:25 p.m., 9 views

GO-2024-2451 IV collision in github.com/bincyber/go-sqlcrypter

There is a risk of an IV collision using the awskms or aesgcm provider. NIST SP 800-38D section 8.3 states that it is unsafe to encrypt more than 2^32 plaintexts under the same key when using a random IV. The limit could easily be reached given the use case of database column encryption...

6.7 AI score
Exploits 0, References 2
Tenable Nessus
added 2024/01/23 12:0 a.m., 43 views

Oracle Linux 9 : openssl (ELSA-2024-0310)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0310 advisory. - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries CVE-2023-2975 Resolves: RHEL-5302 - Excessive time spent...

7.5 CVSS, 6.5 AI score, 0.05533 EPSS
Exploits 0, References 2
Tenable Nessus
added 2024/01/21 12:0 a.m., 27 views

RHEL 9 : openssl (RHSA-2024:0310)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0310 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

7.5 CVSS, 6.8 AI score, 0.03332 EPSS
Exploits 0, References 6
Prion
added 2023/10/25 6:17 p.m., 82 views

Design/Logic Flaw

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

5 CVSS, 7.2 AI score, 0.03332 EPSS
Exploits 0, References 8, Affected Software 2
CVE
added 2023/10/24 3:31 p.m., 603 views

CVE-2023-5363

CVE-2023-5363 : OpenSSL 3.0 and 3.1 are affected by a bug in key/IV length processing during EVP_Init_ex2/2 and EVP_CipherInit_ex2, where alterations to keylen/ivlen via OSSL_PARAM may not apply, causing truncation or overruns. This can yield non-unique IVs and, in CCM/GCM/OCB modes, potential lo...

7.5 CVSS, 7.5 AI score, 0.03332 EPSS
Exploits 0, References 14, Affected Software 1