Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Vulnerability Description
aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The vulnerability is fixed in 0.4.3.
CVSS Information
N/A
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
aes-gcm 数据伪造问题漏洞
Vulnerability Description
aes-gcm是aes-gcm开源的一种加密算法。 aes-gcm 0.4.3之前版本存在数据伪造问题漏洞,该漏洞源于解密时即使标签不正确,仍会暴露解密后的密文。
CVSS Information
N/A
Vulnerability Type
N/A