CVE-2020-25021

Source
https://cve.org/CVERecord?id=CVE-2020-25021
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25021.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25021
Published
2020-09-04T04:15:12.140Z
Modified
2026-07-09T00:06:45.377933Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:noise-java_project:noise-java:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "2020-08-27"
                }
            ],
            "vendor_product": "noise-java_project:noise-java",
            "source": "CPE_RANGE"
        },
        {
            "extracted_events": [
                {
                    "fixed": "2020-08-27"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}
References

Affected packages

Git / github.com/rweather/noise-java

Affected ranges

Type
GIT
Repo
https://github.com/rweather/noise-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "31696553789061348543954821442458380204",
            "length": 1152.0
        },
        "deprecated": false,
        "id": "CVE-2020-25021-0b3f2627",
        "target": {
            "function": "encryptWithAd",
            "file": "src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java"
        }
    },
    {
        "source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "66898851433788692633400536516760569337",
            "length": 1047.0
        },
        "deprecated": false,
        "id": "CVE-2020-25021-1283079e",
        "target": {
            "function": "decryptWithAd",
            "file": "src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java"
        }
    },
    {
        "source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "163635587722489269482405846284454599759",
            "length": 956.0
        },
        "deprecated": false,
        "id": "CVE-2020-25021-1a516728",
        "target": {
            "function": "decryptWithAd",
            "file": "src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java"
        }
    },
    {
        "source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "248084885838146253345771771269370804417",
                "140250448064229028853599927670278424096",
                "330457463062443688678293515174674062873",
                "55048163030964998224381313280347382784",
                "306931882619861584162923184468321031823",
                "311748548483982027723743522572240069704",
                "77320385515136150135576332425983362513",
                "83644315993127178577893805666991880187",
                "89473546135236005693704407250573942399",
                "330457463062443688678293515174674062873",
                "55048163030964998224381313280347382784",
                "188697535042500821947264476458022671669",
                "194008130026071319719457212564746600541",
                "194829075617753068576068964296557370506",
                "288796742773005041722011406505574108000",
                "281014321094192436150097193773785830219",
                "217004687368679366954793008857463832015",
                "280030657105869282452504007557863416519",
                "45788093309745126740486596840635536428",
                "228866721525578960286648948301435841419"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2020-25021-2f800f26",
        "target": {
            "file": "src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java"
        }
    },
    {
        "source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "267246413992864573047282012333591911877",
            "length": 1402.0
        },
        "deprecated": false,
        "id": "CVE-2020-25021-3d884385",
        "target": {
            "function": "decryptWithAd",
            "file": "src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java"
        }
    },
    {
        "source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "314004612045279238183079182966135327988",
            "length": 799.0
        },
        "deprecated": false,
        "id": "CVE-2020-25021-5c06e154",
        "target": {
            "function": "encryptWithAd",
            "file": "src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java"
        }
    },
    {
        "source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "264329028219938384351945693844529751397",
                "275378059430341761265592928712872113057",
                "330457463062443688678293515174674062873",
                "55048163030964998224381313280347382784",
                "14113105530923163521229694919607104781",
                "236868339578648112956584501549662705974",
                "117432426538188597543604590651805810898",
                "83644315993127178577893805666991880187",
                "89473546135236005693704407250573942399",
                "330457463062443688678293515174674062873",
                "55048163030964998224381313280347382784",
                "188697535042500821947264476458022671669",
                "194008130026071319719457212564746600541",
                "194829075617753068576068964296557370506",
                "288796742773005041722011406505574108000",
                "281014321094192436150097193773785830219",
                "217004687368679366954793008857463832015",
                "180123066045396832286909635187167941824",
                "266252356298025946804680655516106737472",
                "320247887393656219471853600774097330932"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2020-25021-77136b95",
        "target": {
            "file": "src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java"
        }
    },
    {
        "source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "14823959838769480757266236490617897185",
            "length": 684.0
        },
        "deprecated": false,
        "id": "CVE-2020-25021-c22025f5",
        "target": {
            "function": "encryptWithAd",
            "file": "src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java"
        }
    },
    {
        "source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "248084885838146253345771771269370804417",
                "140250448064229028853599927670278424096",
                "330457463062443688678293515174674062873",
                "55048163030964998224381313280347382784",
                "14113105530923163521229694919607104781",
                "236868339578648112956584501549662705974",
                "117432426538188597543604590651805810898",
                "83644315993127178577893805666991880187",
                "89473546135236005693704407250573942399",
                "330457463062443688678293515174674062873",
                "55048163030964998224381313280347382784",
                "188697535042500821947264476458022671669",
                "194008130026071319719457212564746600541",
                "194829075617753068576068964296557370506",
                "288796742773005041722011406505574108000",
                "281014321094192436150097193773785830219",
                "217004687368679366954793008857463832015",
                "180123066045396832286909635187167941824",
                "266252356298025946804680655516106737472",
                "320247887393656219471853600774097330932"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2020-25021-df74b1c4",
        "target": {
            "file": "src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java"
        }
    }
]
vanir_signatures_modified
"2026-07-09T00:06:45Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25021.json"