blob: 7100338d3a399d9b3c62f833829afd5871af843b [file] [log] [blame]
id: GO-2022-0425
modules:
- module: github.com/flynn/noise
versions:
- fixed: 1.0.0
vulnerable_at: 0.0.0-20210422170017-fc2bb37e287b
packages:
- package: github.com/flynn/noise
symbols:
- CipherState.Encrypt
- CipherState.Decrypt
- symmetricState.EncryptAndHash
derived_symbols:
- HandshakeState.ReadMessage
- HandshakeState.WriteMessage
- symmetricState.DecryptAndHash
summary: Weak encryption and denial of service in github.com/flynn/noise
description: |-
The Noise protocol implementation suffers from weakened cryptographic security
after encrypting 2^64 messages, and a potential denial of service attack.
After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function,
the nonce counter will wrap around, causing multiple messages to be encrypted
with the same key and nonce.
In a separate issue, the Decrypt function increments the nonce state even when
it fails to decrypt a message. If an attacker can provide an invalid input to
the Decrypt function, this will cause the nonce state to desynchronize between
the peers, resulting in a failure to encrypt all subsequent messages.
published: 2022-02-15T01:57:18Z
ghsas:
- GHSA-6cr6-fmvc-vw2p
- GHSA-g9mp-8g3h-3c5c
references:
- fix: https://github.com/flynn/noise/pull/44
cve_metadata:
id: CVE-2021-4239
cwe: 'CWE 400: Uncontrolled Resource Consumption'
review_status: REVIEWED