2 matches found
GHSA-8X3W-QJ7J-GQHF openmls has improper tag validation
Membership and confirmation tags may not be checked correctly due to a missing length check. Any tag that is shorter than the expected tag, but matches up to its length, as well as any empty tag is considered valid. Impact The vulnerability affects a secondary authentication guarantee that MLS...
python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...