Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks

Click the icon to Follow me:- twitterTelegramRedditDiscord

Posted by Pietro Oliva via Fulldisclosure on Sep 04

Vulnerability title: Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks
Author: Pietro Oliva
CVE: CVE-2020-25022
Vendor: Rhys Weatherley (Creator of Noise Framework’s reference implementation in Java)
Product: Noise-Java
Affected version: No version information is currently available.
Fixed version: Check latest commit and pull request

Description:
The issue is located in the…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source
Available for Amazon Prime