cve/CVE-2020-12403.md at eda58812c5773678e9432b65209fee245db925e7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

POC

Reference

No PoCs from references.

Github

https://github.com/MrE-Fog/cryptofuzz
https://github.com/guidovranken/cryptofuzz

884 B Raw Blame History

CVE-2020-12403

Description

POC

Reference

Github

884 B

Raw Blame History