packages:
  - module: github.com/flynn/noise
    symbols:
      - CipherState.Encrypt
      - CipherState.Decrypt
      - symmetricState.EncryptAndHash
    derived_symbols:
      - HandshakeState.ReadMessage
      - HandshakeState.WriteMessage
      - symmetricState.DecryptAndHash
    versions:
      - fixed: 1.0.0
    vulnerable_at: 0.0.0-20210422170017-fc2bb37e287b
description: |
  The Noise protocol implementation suffers from weakened
  cryptographic security after encrypting 2^64 messages, and a
  potential denial of service attack.

  After 2^64 (~18.4 quintillion) messages are encrypted with the
  Encrypt function, the nonce counter will wrap around, causing
  multiple messages to be encrypted with the same key and nonce.

  In a separate issue, the Decrypt function increments the nonce
  state even when it fails to decrypt a message. If an attacker
  can provide an invalid input to the Decrypt function, this will
  cause the nonce state to desynchronize between the peers,
  resulting in a failure to encrypt all subsequent messages.
published: 2022-02-15T01:57:18Z
last_modified: 2022-04-12T22:48:22Z
ghsas:
  - GHSA-g9mp-8g3h-3c5c
links:
  pr: https://github.com/flynn/noise/pull/44