Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cesanta Mongoose Poly1305 Authentication Tag tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification
Vulnerability Description
A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Cesanta Mongoose 数据伪造问题漏洞
Vulnerability Description
Cesanta Mongoose是爱尔兰Cesanta公司的一套嵌入式服务器库,它包括TCP、HTTP客户端和服务器、WenSocket客户端和服务器等功能。 Cesanta Mongoose 7.20及之前版本存在数据伪造问题漏洞,该漏洞源于对组件Poly1305 Authentication Tag Handler中文件/src/tls_chacha20.c的函数mg_chacha20_poly1305_decrypt的错误操作,可能导致加密签名验证不当。
CVSS Information
N/A
Vulnerability Type
N/A