Bug 2240268 (CVE-2023-42811) - CVE-2023-42811 aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Summary: CVE-2023-42811 aes-gcm: Plaintext exposed in decrypt_in_place_detached even o...
Keywords:
Status: NEW
Alias: CVE-2023-42811
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2240269 2240270
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-09-22 19:25 UTC by Pedro Sampaio
Modified: 2023-09-22 19:26 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Pedro Sampaio 2023-09-22 19:25:09 UTC 
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.

https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309
https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq
Comment 1 Pedro Sampaio 2023-09-22 19:26:51 UTC 
Created rust-aes-gcm tracking bugs for this issue:

Affects: epel-all [bug 2240270]
Affects: fedora-all [bug 2240269]
Note You need to log in before you can comment on or make changes to this bug.