CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-7463

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/98035
https://github.com/Gurpartap/aescrypt/issues/4
http://www.securityfocus.com/bid/98035
https://github.com/Gurpartap/aescrypt/issues/4

Products affected by CVE-2013-7463

Aescrypt Project » Aescrypt » Version: 1.0.0

cpe:2.3:a:aescrypt_project:aescrypt:1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-7463

Products

Pricing

Contact Us