| id: GO-2022-0425 |
| modules: |
| - module: github.com/flynn/noise |
| versions: |
| - fixed: 1.0.0 |
| vulnerable_at: 0.0.0-20210422170017-fc2bb37e287b |
| packages: |
| - package: github.com/flynn/noise |
| symbols: |
| - CipherState.Encrypt |
| - CipherState.Decrypt |
| - symmetricState.EncryptAndHash |
| derived_symbols: |
| - HandshakeState.ReadMessage |
| - HandshakeState.WriteMessage |
| - symmetricState.DecryptAndHash |
| summary: Weak encryption and denial of service in github.com/flynn/noise |
| description: |- |
| The Noise protocol implementation suffers from weakened cryptographic security |
| after encrypting 2^64 messages, and a potential denial of service attack. |
| |
| After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, |
| the nonce counter will wrap around, causing multiple messages to be encrypted |
| with the same key and nonce. |
| |
| In a separate issue, the Decrypt function increments the nonce state even when |
| it fails to decrypt a message. If an attacker can provide an invalid input to |
| the Decrypt function, this will cause the nonce state to desynchronize between |
| the peers, resulting in a failure to encrypt all subsequent messages. |
| published: 2022-02-15T01:57:18Z |
| ghsas: |
| - GHSA-6cr6-fmvc-vw2p |
| - GHSA-g9mp-8g3h-3c5c |
| references: |
| - fix: https://github.com/flynn/noise/pull/44 |
| cve_metadata: |
| id: CVE-2021-4239 |
| cwe: 'CWE 400: Uncontrolled Resource Consumption' |
| review_status: REVIEWED |