Vulnerability Information
Vulnerability Title
Deno's AES GCM authentication tags are not verified
Vulnerability Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue.
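A runtime self-check for the behaviour described above, as an added example (not Deno's or the advisory's code): it encrypts with AES-GCM, then confirms that a modified ciphertext, tag, AAD or key makes decryption throw. It assumes the affected ciphers are reached through the Node-compatible `node:crypto` API; the key, IV and messages are constructed sample values.

```javascript
// Added example. CommonJS form for Node.js; in an ES module (the Deno default)
// use `import crypto from "node:crypto"` instead.
const crypto = require("node:crypto");

// Encrypt with AES-GCM and return ciphertext plus the 16-byte authentication tag.
function seal(alg, key, iv, aad, plaintext) {
  const c = crypto.createCipheriv(alg, key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { ct, tag: c.getAuthTag() };
}

// True when decryption is refused (final() throws), false when the input is accepted.
function rejects(alg, key, iv, aad, ct, tag) {
  const d = crypto.createDecipheriv(alg, key, iv);
  d.setAAD(aad);
  d.setAuthTag(tag);
  try {
    d.update(ct);
    d.final(); // tag verification happens here
    return false;
  } catch {
    return true;
  }
}

// Copy of buf with one bit flipped in the first byte.
function flip(buf) {
  const b = Buffer.from(buf);
  b[0] ^= 1;
  return b;
}

function gcmTagSelfTest(alg, keyLen) {
  // Constructed sample values, not taken from the advisory.
  const key = crypto.randomBytes(keyLen);
  const iv = crypto.randomBytes(12);
  const aad = Buffer.from("header-v1");
  const { ct, tag } = seal(alg, key, iv, aad, Buffer.from("transfer 100 to account 42"));
  return {
    validAccepted: !rejects(alg, key, iv, aad, ct, tag),
    tamperedCiphertextRejected: rejects(alg, key, iv, aad, flip(ct), tag),
    tamperedTagRejected: rejects(alg, key, iv, aad, ct, flip(tag)),
    tamperedAadRejected: rejects(alg, key, iv, flip(aad), ct, tag),
    wrongKeyRejected: rejects(alg, flip(key), iv, aad, ct, tag),
  };
}

console.log(gcmTagSelfTest("aes-128-gcm", 16), gcmTagSelfTest("aes-256-gcm", 32));
```

On a runtime that verifies the tag, every field is `true`; a `false` in any `...Rejected` field means unauthenticated data was accepted.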
CVSS Information
N/A
Vulnerability Type
Improper Verification of Cryptographic Signature
Vulnerability Title
Deno data forgery vulnerability
Vulnerability Description
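Deno is a simple, modern, and secure JavaScript and TypeScript runtime, open-sourced by Deno. Deno versions 1.46.0 through 2.1.6 contain a data forgery vulnerability. It stems from AES-256-GCM and AES-128-GCM not verifying the authentication tag, which may cause integrity protection to fail.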
CVSS Information
N/A
Vulnerability Type
N/A