Approved changes feed: RSS · Atom
cpe:2.3:a:aes-gcm_project:aes-gcm:*:*:*:*:*:rust:*:*
part: a version: * update: *
| Vendor | Aes Gcm Project (2503bdf4-f544-518b-999c-169fb2187c9c) |
|---|---|
| Product | Aes Gcm (dca19680-09dc-52a5-bc35-81c538eb343a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | rust |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-42811 |
vulnerable | 2026-06-08 06:11:09.546013 |
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
MEDIUM (4.7)
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.
Published: 2023-09-22T15:19:15.445Z
Updated: 2025-06-18T14:22:56.534Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.