Description
An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access.
References (4)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90
Third Party Advisory x_refsource_confirm
https://github.com/rweather/noise-java/pull/12
Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Sep/13
Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/159056/Noise-Java-AESGCMOnCtrCipherState.encryptWithAd-Insufficient-Boundary-Checks.html
Scores
CVSS v3
9.8
EPSS
0.0063
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
CWE-787
Status
published
Products (1)
noise-java_project/noise-java
< 2020-08-27
Published
Sep 04, 2020
Tracked Since
Feb 18, 2026