Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces
Vulnerability Description
netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Vulnerability Type
信息暴露
Vulnerability Title
netty-incubator-codec-ohttp 安全漏洞
Vulnerability Description
netty-incubator-codec-ohttp是Netty社区的一款应用程序。 netty-incubator-codec-ohttp 0.0.11.Final之前版本存在安全漏洞,该漏洞源于会跟踪已发送的OHTTP响应数量,并使用此序列号计算与加密算法一起使用的适当随机数,这将允许攻击者导致序列号溢出,从而使随机数重复。
CVSS Information
N/A
Vulnerability Type
N/A