| module: github.com/square/go-jose |
| package: github.com/square/go-jose/cipher |
| additional_packages: |
| - module: github.com/square/go-jose |
| symbols: |
| - JsonWebEncryption.Decrypt |
| - JsonWebEncryption.DecryptMulti |
| versions: |
| - fixed: v0.0.0-20160903044734-789a4c4bd4c1 |
| description: | |
| On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC |
| with HMAC such that they can control how large the input buffer is when computing |
| the HMAC authentication tag. This can can allow a manipulated ciphertext to be |
| verified as authentic, opening the door for padding oracle attacks. |
| cves: |
| - CVE-2016-9123 |
| credit: Quan Nguyen from Google's Information Security Engineering Team |
| symbols: |
| - cbcAEAD.computeAuthTag |
| arch: |
| - "386" |
| - arm |
| - armbe |
| - amd64p32 |
| - mips |
| - mipsle |
| - mips64p32 |
| - mips64p32le |
| - ppc |
| - riscv |
| - s390 |
| - sparc |
| links: |
| commit: https://github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96 |
| context: |
| - https://www.openwall.com/lists/oss-security/2016/11/03/1 |
