We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-21530



Description

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.

Reserved 2023-12-22 | Published 2024-10-02 | Updated 2024-10-02 | Assigner snyk


MEDIUM: 4.5CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:P

Problem types

Reusing a Nonce, Key Pair in Encryption

Credits

Kyle Petryszak

References

security.snyk.io/vuln/SNYK-RUST-COCOON-6028364

github.com/fadeevab/cocoon/issues/22

github.com/...ommit/1b6392173ce35db4736a94b62b2d2973f9a71441

rustsec.org/advisories/RUSTSEC-2023-0068.html

github.com/advisories/GHSA-6878-6wc2-pf5h

cve.org (CVE-2024-21530)

nvd.nist.gov (CVE-2024-21530)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-21530

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.