tink has a ciphertext malleability issue. The vulnerability exists due to storing of the ciphertext prefix in a hashmap keyed by a UTF8
encoded string instead of using byte
arrays, allowing the retrieval of keys with IDs of invalid Unicode strings with a changed ID.
CPE | Name | Operator | Version |
---|---|---|---|
tink cryptography api | le | 1.4.0 |