Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks
Posted by Pietro Oliva via Fulldisclosure on Sep 04
Vulnerability title: Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks
Author: Pietro Oliva
CVE: CVE-2020-25022
Vendor: Rhys Weatherley (Creator of Noise Framework’s reference implementation in Java)
Product: Noise-Java
Affected version: No version information is currently available.
Fixed version: Check latest commit and pull request
Description:
The issue is located in the…
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.