6 matches found
EUVD-2024-3124
Malicious code in bioql PyPI...
CVE-2024-21530
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. Note: The issue...
GHSA-R2JW-C95Q-RJ29 Duplicate Advisory: cocoon Reuses a Nonce, Key Pair in Encryption
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6878-6wc2-pf5h. This link is maintained to preserve external references. Original Description: Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encryp...
CVE-2024-21530
CVE-2024-21530 affects Cocoon before 0.4.0. The vulnerability arises when the encrypt, wrap, and dump functions are called sequentially with the same cocoon object, which can cause nonce reuse and allow an attacker to generate identical ciphertexts. The issue explicitly does not affect objects cr...
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse
Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...
RUSTSEC-2023-0068 Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse
Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...