CVE-2020-25022
- Source
- https://cve.org/CVERecord?id=CVE-2020-25022
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25022.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-25022
- Published
- 2020-09-04T04:15:12.253Z
- Modified
- 2026-04-11T11:23:22.740925Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access.
- References
-
- https://github.com/rweather/noise-java/pull/12
- http://packetstormsecurity.com/files/159055/Noise-Java-AESGCMFallbackCipherState.encryptWithAd-Insufficient-Boundary-Checks.html
- http://seclists.org/fulldisclosure/2020/Sep/11
- https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90
Affected packages
Git / github.com/rweather/noise-java
Affected ranges
- Type
- GIT
- Repo
- https://github.com/rweather/noise-java
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/rweather/noise-java
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures_modified
"2026-04-11T11:23:22Z"
vanir_signatures
[
{
"id": "CVE-2020-25022-0b3f2627",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java",
"function": "encryptWithAd"
},
"deprecated": false,
"digest": {
"function_hash": "31696553789061348543954821442458380204",
"length": 1152.0
},
"signature_type": "Function",
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1"
},
{
"id": "CVE-2020-25022-1283079e",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java",
"function": "decryptWithAd"
},
"deprecated": false,
"digest": {
"function_hash": "66898851433788692633400536516760569337",
"length": 1047.0
},
"signature_type": "Function",
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1"
},
{
"id": "CVE-2020-25022-1a516728",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java",
"function": "decryptWithAd"
},
"deprecated": false,
"digest": {
"function_hash": "163635587722489269482405846284454599759",
"length": 956.0
},
"signature_type": "Function",
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1"
},
{
"id": "CVE-2020-25022-2f800f26",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"248084885838146253345771771269370804417",
"140250448064229028853599927670278424096",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"306931882619861584162923184468321031823",
"311748548483982027723743522572240069704",
"77320385515136150135576332425983362513",
"83644315993127178577893805666991880187",
"89473546135236005693704407250573942399",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"188697535042500821947264476458022671669",
"194008130026071319719457212564746600541",
"194829075617753068576068964296557370506",
"288796742773005041722011406505574108000",
"281014321094192436150097193773785830219",
"217004687368679366954793008857463832015",
"280030657105869282452504007557863416519",
"45788093309745126740486596840635536428",
"228866721525578960286648948301435841419"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1"
},
{
"id": "CVE-2020-25022-3d884385",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java",
"function": "decryptWithAd"
},
"deprecated": false,
"digest": {
"function_hash": "267246413992864573047282012333591911877",
"length": 1402.0
},
"signature_type": "Function",
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1"
},
{
"id": "CVE-2020-25022-5c06e154",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java",
"function": "encryptWithAd"
},
"deprecated": false,
"digest": {
"function_hash": "314004612045279238183079182966135327988",
"length": 799.0
},
"signature_type": "Function",
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1"
},
{
"id": "CVE-2020-25022-77136b95",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"264329028219938384351945693844529751397",
"275378059430341761265592928712872113057",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"14113105530923163521229694919607104781",
"236868339578648112956584501549662705974",
"117432426538188597543604590651805810898",
"83644315993127178577893805666991880187",
"89473546135236005693704407250573942399",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"188697535042500821947264476458022671669",
"194008130026071319719457212564746600541",
"194829075617753068576068964296557370506",
"288796742773005041722011406505574108000",
"281014321094192436150097193773785830219",
"217004687368679366954793008857463832015",
"180123066045396832286909635187167941824",
"266252356298025946804680655516106737472",
"320247887393656219471853600774097330932"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1"
},
{
"id": "CVE-2020-25022-c22025f5",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java",
"function": "encryptWithAd"
},
"deprecated": false,
"digest": {
"function_hash": "14823959838769480757266236490617897185",
"length": 684.0
},
"signature_type": "Function",
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1"
},
{
"id": "CVE-2020-25022-df74b1c4",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"248084885838146253345771771269370804417",
"140250448064229028853599927670278424096",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"14113105530923163521229694919607104781",
"236868339578648112956584501549662705974",
"117432426538188597543604590651805810898",
"83644315993127178577893805666991880187",
"89473546135236005693704407250573942399",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"188697535042500821947264476458022671669",
"194008130026071319719457212564746600541",
"194829075617753068576068964296557370506",
"288796742773005041722011406505574108000",
"281014321094192436150097193773785830219",
"217004687368679366954793008857463832015",
"180123066045396832286909635187167941824",
"266252356298025946804680655516106737472",
"320247887393656219471853600774097330932"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25022.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2020-08-27"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2020-08-27."
}
]
}
]