зеркало из https://github.com/golang/vulndb.git
37 строки
1.1 KiB
YAML
37 строки
1.1 KiB
YAML
module: github.com/square/go-jose
|
|
package: github.com/square/go-jose/cipher
|
|
additional_packages:
|
|
- module: github.com/square/go-jose
|
|
symbols:
|
|
- JsonWebEncryption.Decrypt
|
|
- JsonWebEncryption.DecryptMulti
|
|
versions:
|
|
- fixed: v0.0.0-20160903044734-789a4c4bd4c1
|
|
description: |
|
|
On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC
|
|
with HMAC such that they can control how large the input buffer is when computing
|
|
the HMAC authentication tag. This can can allow a manipulated ciphertext to be
|
|
verified as authentic, opening the door for padding oracle attacks.
|
|
published: 2021-04-14T12:00:00Z
|
|
cve: CVE-2016-9123
|
|
credit: Quan Nguyen from Google's Information Security Engineering Team
|
|
symbols:
|
|
- cbcAEAD.computeAuthTag
|
|
arch:
|
|
- "386"
|
|
- arm
|
|
- armbe
|
|
- amd64p32
|
|
- mips
|
|
- mipsle
|
|
- mips64p32
|
|
- mips64p32le
|
|
- ppc
|
|
- riscv
|
|
- s390
|
|
- sparc
|
|
links:
|
|
commit: https://github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96
|
|
context:
|
|
- https://www.openwall.com/lists/oss-security/2016/11/03/1
|