8 matches found
CVE-2022-50707
In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtiocryptoalgskcipherclosesession 'vcctrlreq' is alloced in virtiocryptoalgskcipherclosesession, and should be freed in the invalid ctrlstatus-status error handling case. Otherwise there is a...
CVE-2022-50707 virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
In the Linux kernel, the following vulnerability has been resolved: virtio-crypto: fix memory leak in virtiocryptoalgskcipherclosesession 'vcctrlreq' is alloced in virtiocryptoalgskcipherclosesession, and should be freed in the invalid ctrlstatus-status error handling case. Otherwise there is a...
Demo of AES GCM Misuse Problems
This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode...
Miscomputation when performing AES encryption in rust-crypto
The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...
Linux/x86 - Rabbit Shellcode Crypter (200 bytes)
Introduction Exploit Title: Rabbit Shellcode Crypter Date: 24.4.2019 Exploit Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Description: Crypter which encrypts, decrypts and executes given shellcode using Rabbit symmetric cipher Keep in mind before use 1. Max...
kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker the ability to use the AFALG-based skcipher interface to cause a denial of service uninitialized-memory free and kernel crash or have an unspecified othe...
LC4: Another Pen-and-Paper Cipher
Interesting symmetric cipher: LC4: Abstract: ElsieFour LC4 is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts...
Microsoft Windows SSL/TLS信息泄露漏洞
CVE ID: CVE-2011-3389 Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows在SSL/TLS协议的实现上存在信息泄露漏洞,远程攻击者可利用此漏洞泄露敏感信息并劫持用户会话。 此漏洞源于在CBC模式中结合对称密码套件使用Secure Sockets Layer 3.0 SSL和Transport Layer Security 1.0 TLS 协议时出现的设计错误,通过中间人攻击加密HTTPS会话。 Microsoft Windows Microsoft Windows XP Home Microsoft Windows ...