DescriptionGuilherme de Almeida Suckevicz
2020-10-06 20:14:05 UTC
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
Reference:
https://bugs.php.net/bug.php?id=79601
Comment 1Guilherme de Almeida Suckevicz
2020-10-06 20:14:22 UTC
Created php tracking bugs for this issue:
Affects: fedora-all [bug 1885736]
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2021:2992 https://access.redhat.com/errata/RHSA-2021:2992
Comment 9Product Security DevOps Team
2021-08-03 13:06:58 UTC