packages:
  - module: github.com/flynn/noise
    symbols:
      - CipherState.Encrypt
      - CipherState.Decrypt
      - symmetricState.EncryptAndHash
    derived_symbols:
      - HandshakeState.ReadMessage
      - HandshakeState.WriteMessage
      - symmetricState.DecryptAndHash
    versions:
      - fixed: 1.0.0
    vulnerable_at: 0.0.0-20210422170017-fc2bb37e287b
description: |
    The Noise protocol implementation suffers from weakened
    cryptographic security after encrypting 2^64 messages, and a
    potential denial of service attack.

    After 2^64 (~18.4 quintillion) messages are encrypted with the
    Encrypt function, the nonce counter will wrap around, causing
    multiple messages to be encrypted with the same key and nonce.

    In a separate issue, the Decrypt function increments the nonce
    state even when it fails to decrypt a message. If an attacker
    can provide an invalid input to the Decrypt function, this will
    cause the nonce state to desynchronize between the peers,
    resulting in a failure to encrypt all subsequent messages.
published: 2022-02-15T01:57:18Z
last_modified: 2022-04-12T22:48:22Z
ghsas:
  - GHSA-g9mp-8g3h-3c5c
links:
    pr: https://github.com/flynn/noise/pull/44