x/vulndb: add reports/GO-2022-0425.yaml for GHSA-g9mp-8g3h-3c5c
Fixes golang/vulndb#0425
Change-Id: I01dfd1dc9ca4e115dbf8c79b9b91f42e92ecb6c2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414715
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
diff --git a/reports/GO-2022-0425.yaml b/reports/GO-2022-0425.yaml
new file mode 100644
index 0000000..b3fef4a
--- /dev/null
+++ b/reports/GO-2022-0425.yaml
@@ -0,0 +1,33 @@
+packages:
+ - module: github.com/flynn/noise
+ symbols:
+ - CipherState.Encrypt
+ - CipherState.Decrypt
+ - symmetricState.EncryptAndHash
+ derived_symbols:
+ - HandshakeState.ReadMessage
+ - HandshakeState.WriteMessage
+ - symmetricState.DecryptAndHash
+ versions:
+ - fixed: 1.0.0
+ vulnerable_at: 0.0.0-20210422170017-fc2bb37e287b
+description: |
+ The Noise protocol implementation suffers from weakened
+ cryptographic security after encrypting 2^64 messages, and a
+ potential denial of service attack.
+
+ After 2^64 (~18.4 quintillion) messages are encrypted with the
+ Encrypt function, the nonce counter will wrap around, causing
+ multiple messages to be encrypted with the same key and nonce.
+
+ In a separate issue, the Decrypt function increments the nonce
+ state even when it fails to decrypt a message. If an attacker
+ can provide an invalid input to the Decrypt function, this will
+ cause the nonce state to desynchronize between the peers,
+ resulting in a failure to encrypt all subsequent messages.
+published: 2022-02-15T01:57:18Z
+last_modified: 2022-04-12T22:48:22Z
+ghsas:
+ - GHSA-g9mp-8g3h-3c5c
+links:
+ pr: https://github.com/flynn/noise/pull/44
