Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks

Posted by Pietro Oliva via Fulldisclosure on Sep 04

Vulnerability title: Noise-Java AESGCMFallbackCipherState.encryptWithAd() insufficient boundary checks
Author: Pietro Oliva
CVE: CVE-2020-25022
Vendor: Rhys Weatherley (Creator of Noise Framework’s reference implementation in Java)
Product: Noise-Java
Affected version: No version information is currently available.
Fixed version: Check latest commit and pull request

Description:
The issue is located in the…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source