How severe is CVE-2023-42811?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-42811?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2023-42811 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.

Related Vulnerabilities

CVE-2018-10407

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary...

CWE-3472018

CVE-2020-1464

MEDIUM

CVSS:5.5(Medium)

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed ...

CWE-3472020

CVE-2020-16922

MEDIUM

CVSS:5.5(Medium)

<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly sign...

CWE-3472020

CVE-2020-8324

MEDIUM

CVSS:5.5(Medium)

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.

CWE-3472020

CVE-2020-9226

MEDIUM

CVSS:5.5(Medium)

HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an atta...

CWE-3472020

CVE-2021-0152

MEDIUM

CVSS:5.5(Medium)

Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentia...

CWE-3472021