漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Robustness weakness in AWS KMS and Encryption SDKs
Vulnerability Description
A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
Vulnerability Type
加密问题
Vulnerability Title
Amazon AWS Encryption SDK 加密问题漏洞
Vulnerability Description
Amazon AWS Encryption SDK是美国亚马逊(Amazon)公司的一个应用于加密的开发工具包。 AWS Encryption SDK存在安全漏洞,该漏洞源于SDK使用了AES-GCM(以及其他AEAD密码,例如AES-GCM-SIV或(X)ChaCha20Poly1305)的非提交属性来加密消息,攻击者可以制作独特的密文,该密文将解密为多个不同的密文。以下产品及版本受到影响:Java, Python, C and Javalcript SDK 2.0.0版本之前。
CVSS Information
N/A
Vulnerability Type
N/A