CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-42811

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.0%

CVSS Severity

CVSS v3 Score 4.7

References

Products affected by CVE-2023-42811

Aes-Gcm Project » Aes-Gcm » Version: 0.10.0

cpe:2.3:a:aes-gcm_project:aes-gcm:0.10.0
Aes-Gcm Project » Aes-Gcm » Version: 0.10.1

cpe:2.3:a:aes-gcm_project:aes-gcm:0.10.1
Aes-Gcm Project » Aes-Gcm » Version: 0.10.2

cpe:2.3:a:aes-gcm_project:aes-gcm:0.10.2
Fedoraproject » Fedora » Version: 37

cpe:2.3:o:fedoraproject:fedora:37
Fedoraproject » Fedora » Version: 38

cpe:2.3:o:fedoraproject:fedora:38
Fedoraproject » Fedora » Version: 39

cpe:2.3:o:fedoraproject:fedora:39

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-42811

Products

Pricing

Contact Us