
CVE-2023-42811

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

  • Severity Score: 5.5 (CVSS v3.1)
  • Exploit Likelihood: - (EPSS)
  • Affected Versions: see CPE list below
  • Public Exploits: 1 (multiple sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

aes-gcm is a pure Rust implementation of AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, the AES-GCM implementation of decrypt_in_place_detached leaves the decrypted ciphertext (i.e. the correct plaintext) in the buffer even when tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs reads the buffer after a decryption failure, it will find the decryption of an unauthenticated input. Depending on the specific nature of the program, this may enable Chosen Ciphertext Attacks (CCAs), which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.


*Credits: N/A
CVSS Scores
  • Attack Vector: Local; Attack Complexity: Low; Privileges Required: Low; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: None; Availability: None
  • Attack Vector: Local; Attack Complexity: High; Privileges Required: High; User Interaction: None; Scope: Unchanged; Confidentiality: Low; Integrity: High; Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-09-14 CVE Reserved
  • 2023-09-22 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-09-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
  • -
Affected Vendors, Products, and Versions
Vendor            Product  Version             Other  Status
Aes-gcm Project   Aes-gcm  >= 0.10.0 < 0.10.3  rust   Affected
Fedoraproject     Fedora   37                  -      Affected
Fedoraproject     Fedora   38                  -      Affected
Fedoraproject     Fedora   39                  -      Affected