25 matches found
EUVD-2020-0220
Malware in sbrugna...
EUVD-2024-44044
Malicious code in bioql PyPI...
CVE-2020-8929
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...
CVE-2024-4420
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an...
CVE-2024-4420
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an...
CVE-2024-4420
CVE-2024-4420 documents a Denial-of-Service in Google Tink-cc, affecting versions prior to 2.1.3. The vulnerability stems from the crypto::tink::JsonKeysetReader when fed inputs that are valid JSON elements but not encoded JSON objects (e.g., a number or an array), causing a crash, and potentiall...
CVE-2024-4420 Denial of Service in Tink-cc
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an...
CVE-2024-4420 Denial of Service in Tink-cc
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an...
Google Tink Security Vulnerability
Google Tink is a multi-language, cross-platform development library from Google, Inc. that provides cryptographic APIs. A security vulnerability exists in Google Tink versions prior to 2.1.3, which stems from the fact that crypto::tink::JsonKeysetReader may crash due to invalid input...
PT-2024-31032 · Google · Tink-Cc
Name of the Vulnerable Software and Affected Versions: Tink-cc versions prior to 2.1.3 Description: The issue is related to a Denial of service vulnerability. An adversary can crash binaries using the crypto::tink::JsonKeysetReader in Tink-cc by providing an input that is not an encoded JSON...
Private Set Membership (PSM) - Cryptographic Protocol That Allows Clients To Privately Query
Private Set Membership (PSM) is a cryptographic protocol that allows clients to privately query whether the client's identifier is a member of a set of identifiers held by a server in a privacy-preserving manner. At a high level, PSM provides the following privacy guarantees: The server does not...
Google Tink Data Forgery Issue Vulnerability
Tink is a multi-language, cross-platform development library from Google (United States) that provides encryption APIs. A security vulnerability exists in versions of Tink prior to 1.5, which stems from incorrect handling of invalid unicode characters and can be exploited by an attacker to...
CVE-2020-8929
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...
CVE-2020-8929
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...
Design/Logic Flaw
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...
PYSEC-2020-142
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...
PYSEC-2020-142
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...
CVE-2020-8929
CVE-2020-8929 concerns the Java implementation of Google Tink prior to 1.5, where mis-handling invalid Unicode characters in ciphertexts allows an attacker to change the ID portion of a ciphertext. This can create a second ciphertext that decrypts to the same plaintext, impacting ciphertext integ...
CVE-2020-8929 Ciphertext integrity weakness in Tink
A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...
Malleable Ciphertext
Tink has a ciphertext malleability issue. The vulnerability exists because the ciphertext prefix is stored in a hashmap keyed by a UTF-8-encoded string instead of byte arrays, allowing the retrieval of keys with IDs of invalid Unicode strings with a changed ID...