Aes-gcm Project Aes-gcm 0.10.0 for Rust

CPE Details

Aes-gcm Project Aes-gcm 0.10.0 for Rust
aes-gcm_project
aes-gcm
0.10.0
2023-09-27
08h05 +00:00
2023-09-27
08h05 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:aes-gcm_project:aes-gcm:0.10.0:*:*:*:*:rust:*:*

Informations

Vendor

aes-gcm_project

Product

aes-gcm

Version

0.10.0

Target Software

rust

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-42811 2023-09-22 15h19 +00:00 aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.