Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Weak encryption and denial of service in github.com/flynn/noise
Vulnerability Description
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
noise 安全漏洞
Vulnerability Description
noise是Flynn开源的一个实现 noise 协议框架的 Go 包。 noise存在安全漏洞,该漏洞源于加密 2^64 消息后,Noise 协议实现的密码安全性减弱,并且存在潜在的拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A