Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks
Posted by deepcore on September 5, 2020 – 8:43 am
Noise-Java suffers from an issue located in the AESGCMFallbackCipherState.encryptWithAd() method defined in AESGCMFallbackCipherState.java, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation. However, some checks were found to be either incomplete or missing.
Post a reply
You must be logged in to post a comment.