Vulnerability-Lookup

CVE-2023-42811 (GCVE-0-2023-42811)

Vulnerability from cvelistv5 – Published: 2023-09-22 15:19 – Updated: 2025-06-18 14:22

Title

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

GitHub_M

References

URL

Tags

	https://github.com/RustCrypto/AEADs/security/advi…	x_refsource_CONFIRM
	https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…
	https://lists.fedoraproject.org/archives/list/pac…

Impacted products

	Vendor	Product	Version
	RustCrypto	AEADs	Affected: >= 0.10.0, < 0.10.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq"
          },
          {
            "name": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42811",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-19T18:49:22.620440Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-18T14:22:56.534Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AEADs",
          "vendor": "RustCrypto",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.10.0, \u003c 0.10.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-03T01:06:15.294Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq"
        },
        {
          "name": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/"
        }
      ],
      "source": {
        "advisory": "GHSA-423w-p2w9-r7vq",
        "discovery": "UNKNOWN"
      },
      "title": "AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-42811",
    "datePublished": "2023-09-22T15:19:15.445Z",
    "dateReserved": "2023-09-14T16:13:33.307Z",
    "dateUpdated": "2025-06-18T14:22:56.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-42811\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-09-22T16:15:10.583\",\"lastModified\":\"2024-11-21T08:23:15.670\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.\"},{\"lang\":\"es\",\"value\":\"aes-gcm es una implementaci\u00f3n Rust pura de AES-GCM. A partir de la versi\u00f3n 0.10.0 y antes de la versi\u00f3n 0.10.3, en la implementaci\u00f3n AES GCM de decrypt_in_place_detached, el texto cifrado descifrado (es decir, el texto plano correcto) se expone incluso si falla la verificaci\u00f3n de la etiqueta. Si un programa que utiliza las API `decrypt_in_place*` de la caja `aes-gcm` accede al b\u00fafer despu\u00e9s de un error de descifrado, contendr\u00e1 un descifrado de una entrada no autenticada. Dependiendo de la naturaleza espec\u00edfica del programa, esto puede permitir Chosen Ciphertext Attacks (CCA), que pueden provocar una rotura catastr\u00f3fica del cifrado, incluida la recuperaci\u00f3n completa del texto plano. La versi\u00f3n 0.10.3 contiene una soluci\u00f3n para este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.5,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:aes-gcm_project:aes-gcm:*:*:*:*:*:rust:*:*\",\"versionStartIncluding\":\"0.10.0\",\"versionEndExcluding\":\"0.10.3\",\"matchCriteriaId\":\"A3BCA7D5-B854-4222-A64F-FC7E60029662\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq\", \"name\": \"https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309\", \"name\": \"https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:30:24.555Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-42811\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-19T18:49:22.620440Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-18T14:22:51.476Z\"}}], \"cna\": {\"title\": \"AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure\", \"source\": {\"advisory\": \"GHSA-423w-p2w9-r7vq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"RustCrypto\", \"product\": \"AEADs\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 0.10.0, \u003c 0.10.3\"}]}], \"references\": [{\"url\": \"https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq\", \"name\": \"https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309\", \"name\": \"https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-347\", \"description\": \"CWE-347: Improper Verification of Cryptographic Signature\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-10-03T01:06:15.294Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-42811\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-18T14:22:56.534Z\", \"dateReserved\": \"2023-09-14T16:13:33.307Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-09-22T15:19:15.445Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

OPENSUSE-SU-2024:13315-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

shadowsocks-rust-1.16.2-1.1 on GA media

Notes

Title of the patch

shadowsocks-rust-1.16.2-1.1 on GA media

Description of the patch

These are all security issues fixed in the shadowsocks-rust-1.16.2-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-13315

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "shadowsocks-rust-1.16.2-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the shadowsocks-rust-1.16.2-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13315",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13315-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-42811 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-42811/"
      }
    ],
    "title": "shadowsocks-rust-1.16.2-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13315-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shadowsocks-rust-1.16.2-1.1.aarch64",
                "product": {
                  "name": "shadowsocks-rust-1.16.2-1.1.aarch64",
                  "product_id": "shadowsocks-rust-1.16.2-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shadowsocks-rust-1.16.2-1.1.ppc64le",
                "product": {
                  "name": "shadowsocks-rust-1.16.2-1.1.ppc64le",
                  "product_id": "shadowsocks-rust-1.16.2-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shadowsocks-rust-1.16.2-1.1.s390x",
                "product": {
                  "name": "shadowsocks-rust-1.16.2-1.1.s390x",
                  "product_id": "shadowsocks-rust-1.16.2-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "shadowsocks-rust-1.16.2-1.1.x86_64",
                "product": {
                  "name": "shadowsocks-rust-1.16.2-1.1.x86_64",
                  "product_id": "shadowsocks-rust-1.16.2-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadowsocks-rust-1.16.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.aarch64"
        },
        "product_reference": "shadowsocks-rust-1.16.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadowsocks-rust-1.16.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.ppc64le"
        },
        "product_reference": "shadowsocks-rust-1.16.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadowsocks-rust-1.16.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.s390x"
        },
        "product_reference": "shadowsocks-rust-1.16.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "shadowsocks-rust-1.16.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.x86_64"
        },
        "product_reference": "shadowsocks-rust-1.16.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-42811",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-42811"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.aarch64",
          "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.ppc64le",
          "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.s390x",
          "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-42811",
          "url": "https://www.suse.com/security/cve/CVE-2023-42811"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215654 for CVE-2023-42811",
          "url": "https://bugzilla.suse.com/1215654"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.aarch64",
            "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.ppc64le",
            "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.s390x",
            "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.aarch64",
            "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.ppc64le",
            "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.s390x",
            "openSUSE Tumbleweed:shadowsocks-rust-1.16.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-42811"
    }
  ]
}

GSD-2023-42811

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-42811

Aliases

CVE-2023-42811

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-42811",
    "id": "GSD-2023-42811"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-42811"
      ],
      "details": "aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.",
      "id": "GSD-2023-42811",
      "modified": "2023-12-13T01:20:21.802371Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-42811",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AEADs",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 0.10.0, \u003c 0.10.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "RustCrypto"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-347",
                "lang": "eng",
                "value": "CWE-347: Improper Verification of Cryptographic Signature"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq",
            "refsource": "MISC",
            "url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq"
          },
          {
            "name": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309",
            "refsource": "MISC",
            "url": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-423w-p2w9-r7vq",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:aes-gcm_project:aes-gcm:*:*:*:*:*:rust:*:*",
                    "matchCriteriaId": "A3BCA7D5-B854-4222-A64F-FC7E60029662",
                    "versionEndExcluding": "0.10.3",
                    "versionStartIncluding": "0.10.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue."
          },
          {
            "lang": "es",
            "value": "aes-gcm es una implementaci\u00f3n Rust pura de AES-GCM. A partir de la versi\u00f3n 0.10.0 y antes de la versi\u00f3n 0.10.3, en la implementaci\u00f3n AES GCM de decrypt_in_place_detached, el texto cifrado descifrado (es decir, el texto plano correcto) se expone incluso si falla la verificaci\u00f3n de la etiqueta. Si un programa que utiliza las API `decrypt_in_place*` de la caja `aes-gcm` accede al b\u00fafer despu\u00e9s de un error de descifrado, contendr\u00e1 un descifrado de una entrada no autenticada. Dependiendo de la naturaleza espec\u00edfica del programa, esto puede permitir Chosen Ciphertext Attacks (CCA), que pueden provocar una rotura catastr\u00f3fica del cifrado, incluida la recuperaci\u00f3n completa del texto plano. La versi\u00f3n 0.10.3 contiene una soluci\u00f3n para este problema."
          }
        ],
        "id": "CVE-2023-42811",
        "lastModified": "2024-02-16T18:03:56.013",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 0.5,
              "impactScore": 4.2,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-09-22T16:15:10.583",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Product"
            ],
            "url": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Exploit",
              "Vendor Advisory"
            ],
            "url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Mailing List"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Mailing List"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Mailing List"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-347"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2023-42811

Vulnerability from fkie_nvd - Published: 2023-09-22 16:15 - Updated: 2024-11-21 08:23

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309	Product
security-advisories@github.com	https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq	Exploit, Vendor Advisory
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/	Mailing List
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/	Mailing List
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309	Product
af854a3a-2127-422b-91ae-364da2661108	https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/	Mailing List

Impacted products

Vendor	Product	Version
aes-gcm_project	aes-gcm	*
fedoraproject	fedora	37
fedoraproject	fedora	38
fedoraproject	fedora	39

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aes-gcm_project:aes-gcm:*:*:*:*:*:rust:*:*",
              "matchCriteriaId": "A3BCA7D5-B854-4222-A64F-FC7E60029662",
              "versionEndExcluding": "0.10.3",
              "versionStartIncluding": "0.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue."
    },
    {
      "lang": "es",
      "value": "aes-gcm es una implementaci\u00f3n Rust pura de AES-GCM. A partir de la versi\u00f3n 0.10.0 y antes de la versi\u00f3n 0.10.3, en la implementaci\u00f3n AES GCM de decrypt_in_place_detached, el texto cifrado descifrado (es decir, el texto plano correcto) se expone incluso si falla la verificaci\u00f3n de la etiqueta. Si un programa que utiliza las API `decrypt_in_place*` de la caja `aes-gcm` accede al b\u00fafer despu\u00e9s de un error de descifrado, contendr\u00e1 un descifrado de una entrada no autenticada. Dependiendo de la naturaleza espec\u00edfica del programa, esto puede permitir Chosen Ciphertext Attacks (CCA), que pueden provocar una rotura catastr\u00f3fica del cifrado, incluida la recuperaci\u00f3n completa del texto plano. La versi\u00f3n 0.10.3 contiene una soluci\u00f3n para este problema."
    }
  ],
  "id": "CVE-2023-42811",
  "lastModified": "2024-11-21T08:23:15.670",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 4.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-22T16:15:10.583",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

SUSE-SU-2023:4060-1

Vulnerability from csaf_suse - Published: 2023-10-12 08:05 - Updated: 2023-10-12 08:05

Summary

Security update for rage-encryption

Notes

Title of the patch

Security update for rage-encryption

Description of the patch

This update for rage-encryption fixes the following issues: -CVE-2023-42811: chosen ciphertext attack possible against aes-gcm (bsc#1215657) * update vendor.tar.zst to contain aes-gcm >= 0.10.3 - Update to version 0.9.2+0: * CI: Ensure `apt` repository is up-to-date before installing build deps * CI: Build Linux releases using `ubuntu-20.04` runner * CI: Remove most uses of `actions-rs` actions - Update to version 0.9.2+0: * Fix changelog bugs and add missing entry * Document `PINENTRY_PROGRAM` environment variable * age: Add `Decryptor::new_async_buffered` * age: `impl AsyncBufRead for ArmoredReader` * Pre-initialize vectors when the capacity is known, or use arrays * Use `PINENTRY_PROGRAM` as environment variable for `pinentry` * Document why `impl AsyncWrite for StreamWriter` doesn't loop indefinitely * cargo update * cargo vet prune * Migrate to `cargo-vet 0.7` * build(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.1 * Correct spelling in documentation * build(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4 * StreamWriter AsyncWrite: fix usage with futures::io::copy() * rage: Use `Decryptor::new_buffered` * age: Add `Decryptor::new_buffered` * age: `impl BufRead for ArmoredReader` * Update Homebrew formula to v0.9.1 * feat/pinentry: Use env var to define pinentry binary - Update to version 0.9.1+0: * ssh: Fix parsing of OpenSSH private key format * ssh: Support `aes256-gcm@openssh.com` ciphers for encrypted keys * ssh: Add `aes256-gcm@openssh.com` cipher to test cases * ssh: Extract common key material derivation logic for encrypted keys * ssh: Use associated constants for key and IV sizes * ssh: Add test cases for encrypted keys - Add shell completions for fish and zsh.

Patchnames

SUSE-2023-4060,SUSE-SLE-Module-Basesystem-15-SP5-2023-4060,openSUSE-SLE-15.5-2023-4060

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for rage-encryption",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for rage-encryption fixes the following issues:\n\n -CVE-2023-42811: chosen ciphertext attack possible against aes-gcm (bsc#1215657)\n\n  * update vendor.tar.zst to contain aes-gcm \u003e= 0.10.3\n\n- Update to version 0.9.2+0:\n\n  * CI: Ensure `apt` repository is up-to-date before installing build deps\n  * CI: Build Linux releases using `ubuntu-20.04` runner\n  * CI: Remove most uses of `actions-rs` actions\n\n- Update to version 0.9.2+0:\n\n  * Fix changelog bugs and add missing entry\n  * Document `PINENTRY_PROGRAM` environment variable\n  * age: Add `Decryptor::new_async_buffered`\n  * age: `impl AsyncBufRead for ArmoredReader`\n  * Pre-initialize vectors when the capacity is known, or use arrays\n  * Use `PINENTRY_PROGRAM` as environment variable for `pinentry`\n  * Document why `impl AsyncWrite for StreamWriter` doesn\u0027t loop indefinitely\n  * cargo update\n  * cargo vet prune\n  * Migrate to `cargo-vet 0.7`\n  * build(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.1\n  * Correct spelling in documentation\n  * build(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4\n  * StreamWriter AsyncWrite: fix usage with futures::io::copy()\n  * rage: Use `Decryptor::new_buffered`\n  * age: Add `Decryptor::new_buffered`\n  * age: `impl BufRead for ArmoredReader`\n  * Update Homebrew formula to v0.9.1\n  * feat/pinentry: Use env var to define pinentry binary\n\n- Update to version 0.9.1+0:\n\n  * ssh: Fix parsing of OpenSSH private key format\n  * ssh: Support `aes256-gcm@openssh.com` ciphers for encrypted keys\n  * ssh: Add `aes256-gcm@openssh.com` cipher to test cases\n  * ssh: Extract common key material derivation logic for encrypted keys\n  * ssh: Use associated constants for key and IV sizes\n  * ssh: Add test cases for encrypted keys\n- Add shell completions for fish and zsh.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-4060,SUSE-SLE-Module-Basesystem-15-SP5-2023-4060,openSUSE-SLE-15.5-2023-4060",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4060-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:4060-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234060-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:4060-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016645.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1215657",
        "url": "https://bugzilla.suse.com/1215657"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-42811 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-42811/"
      }
    ],
    "title": "Security update for rage-encryption",
    "tracking": {
      "current_release_date": "2023-10-12T08:05:57Z",
      "generator": {
        "date": "2023-10-12T08:05:57Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:4060-1",
      "initial_release_date": "2023-10-12T08:05:57Z",
      "revision_history": [
        {
          "date": "2023-10-12T08:05:57Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
                "product": {
                  "name": "rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
                  "product_id": "rage-encryption-0.9.2+0-150500.3.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch",
                "product": {
                  "name": "rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch",
                  "product_id": "rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "rage-encryption-fish-completion-0.9.2+0-150500.3.3.1.noarch",
                "product": {
                  "name": "rage-encryption-fish-completion-0.9.2+0-150500.3.3.1.noarch",
                  "product_id": "rage-encryption-fish-completion-0.9.2+0-150500.3.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "rage-encryption-zsh-completion-0.9.2+0-150500.3.3.1.noarch",
                "product": {
                  "name": "rage-encryption-zsh-completion-0.9.2+0-150500.3.3.1.noarch",
                  "product_id": "rage-encryption-zsh-completion-0.9.2+0-150500.3.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
                "product": {
                  "name": "rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
                  "product_id": "rage-encryption-0.9.2+0-150500.3.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rage-encryption-0.9.2+0-150500.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-0.9.2+0-150500.3.3.1.aarch64"
        },
        "product_reference": "rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rage-encryption-0.9.2+0-150500.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-0.9.2+0-150500.3.3.1.x86_64"
        },
        "product_reference": "rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch"
        },
        "product_reference": "rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rage-encryption-0.9.2+0-150500.3.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:rage-encryption-0.9.2+0-150500.3.3.1.aarch64"
        },
        "product_reference": "rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rage-encryption-0.9.2+0-150500.3.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:rage-encryption-0.9.2+0-150500.3.3.1.x86_64"
        },
        "product_reference": "rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch"
        },
        "product_reference": "rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-42811",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-42811"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch",
          "openSUSE Leap 15.5:rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
          "openSUSE Leap 15.5:rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
          "openSUSE Leap 15.5:rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-42811",
          "url": "https://www.suse.com/security/cve/CVE-2023-42811"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215654 for CVE-2023-42811",
          "url": "https://bugzilla.suse.com/1215654"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch",
            "openSUSE Leap 15.5:rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
            "openSUSE Leap 15.5:rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
            "openSUSE Leap 15.5:rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch",
            "openSUSE Leap 15.5:rage-encryption-0.9.2+0-150500.3.3.1.aarch64",
            "openSUSE Leap 15.5:rage-encryption-0.9.2+0-150500.3.3.1.x86_64",
            "openSUSE Leap 15.5:rage-encryption-bash-completion-0.9.2+0-150500.3.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-10-12T08:05:57Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-42811"
    }
  ]
}

GHSA-423W-P2W9-R7VQ

Vulnerability from github – Published: 2023-09-22 16:11 – Updated: 2025-12-31 22:00

Summary

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Details

Summary

In the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails.

Impact

If a program using the aes-gcm crate's decrypt_in_place* APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery.

Details

As seen in the implementation of decrypt_in_place_detached for AES GCM, if the tag verification fails, an error is returned. Because the decryption of the ciphertext is done in place, the plaintext contents are now exposed via buffer.

This should ideally not be the case - as noted in page 17 of NIST's publication Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC: In Step 8, the result of Step 7 is compared with the authentication tag that was received as an input: if they are identical, then the plaintext is returned; otherwise,FAIL is returned.

This is seems correctly addressed in the AES GCM SIV implementation, where the decrypted buffer is encrypted again before the error is returned - this fix is straightforward to implement in AES GCM. To ensure that these types of cases are covered during testing, it would be valuable to add test cases like 23, 24 etc from project wycheproof to ensure that when a bad tag is used, there is an error on decryption and that the plaintext value is not exposed.

PoC

To reproduce this issue, I'm using test case 23 from project wycheproof.

    let key = GenericArray::from_slice(&hex!("000102030405060708090a0b0c0d0e0f"));
    let nonce = GenericArray::from_slice(&hex!("505152535455565758595a5b"));
    let tag = GenericArray::from_slice(&hex!("d9847dbc326a06e988c77ad3863e6083")); // bad tag
    let mut ct = hex!("eb156d081ed6b6b55f4612f021d87b39");
    let msg = hex!("202122232425262728292a2b2c2d2e2f");
    let aad = hex!("");
    let cipher = Aes128Gcm::new(&key);
    let _plaintext = cipher.decrypt_in_place_detached(&nonce, &aad, &mut ct, &tag);
    assert_eq!(ct, msg);

Severity ?

4.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.10.2"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "aes-gcm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.10.0"
            },
            {
              "fixed": "0.10.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-42811"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-22T16:11:47Z",
    "nvd_published_at": "2023-09-22T16:15:10Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nIn the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. \n\n### Impact\nIf a program using the `aes-gcm` crate\u0027s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery.\n\n### Details\nAs seen in the implementation of [decrypt_in_place_detached](https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309) for AES GCM, if the tag verification fails, an error is returned. Because the decryption of the ciphertext is done in place, the plaintext contents are now exposed via `buffer`. \n\nThis should ideally not be the case - as noted in page 17 of[ NIST\u0027s publication _Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC_](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf): \n_In Step 8, the result of Step 7 is compared with the authentication tag that was received as an input: if they are identical, then the plaintext is returned; otherwise,FAIL is returned._\n\nThis is seems correctly addressed in the [AES GCM SIV implementation](https://docs.rs/aes-gcm-siv/latest/src/aes_gcm_siv/lib.rs.html#307), where the decrypted buffer is encrypted again before the error is returned - this fix is straightforward to implement in AES GCM. To ensure that these types of cases are covered during testing, it would be valuable to add test cases like [23, 24 ](https://github.com/google/wycheproof/blob/master/testvectors/aes_gcm_test.json#L288)etc from [project wycheproof ](https://github.com/google/wycheproof)to ensure that when a bad tag is used, there is an error on decryption _**and**_ that the plaintext value is not exposed. \n\n### PoC\nTo reproduce this issue, I\u0027m using [test case 23](https://github.com/google/wycheproof/blob/master/testvectors/aes_gcm_test.json#L288) from project wycheproof. \n```rust\n    let key = GenericArray::from_slice(\u0026hex!(\"000102030405060708090a0b0c0d0e0f\"));\n    let nonce = GenericArray::from_slice(\u0026hex!(\"505152535455565758595a5b\"));\n    let tag = GenericArray::from_slice(\u0026hex!(\"d9847dbc326a06e988c77ad3863e6083\")); // bad tag\n    let mut ct = hex!(\"eb156d081ed6b6b55f4612f021d87b39\");\n    let msg = hex!(\"202122232425262728292a2b2c2d2e2f\");\n    let aad = hex!(\"\");\n    let cipher = Aes128Gcm::new(\u0026key);\n    let _plaintext = cipher.decrypt_in_place_detached(\u0026nonce, \u0026aad, \u0026mut ct, \u0026tag);\n    assert_eq!(ct, msg);\n```",
  "id": "GHSA-423w-p2w9-r7vq",
  "modified": "2025-12-31T22:00:24Z",
  "published": "2023-09-22T16:11:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42811"
    },
    {
      "type": "WEB",
      "url": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/RustCrypto/AEADs"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2023-0096.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-42811 (GCVE-0-2023-42811)

OPENSUSE-SU-2024:13315-1

GSD-2023-42811

FKIE_CVE-2023-42811

SUSE-SU-2023:4060-1

GHSA-423W-P2W9-R7VQ

Summary

Impact

Details

PoC

Tags

Sightings

Nomenclature