CVE-2023-42811 in aes-gcm정보

요약

\~에 의해 MITRE • 2023. 09. 22.

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

GitHub, Inc.

예약하다

2023. 09. 14.

공개

2023. 09. 22.

모더레이션

수락

항목

VDB-240222

CPE

준비됨

CWE

CWE-347 (확인됨)

CVSS

5.5 (NVD)

EPSS

0.00016

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-42811
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-42811
CVE Details	https://www.cvedetails.com/cve/CVE-2023-42811/

◂ 이전 개요 다음 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!