An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:noise-java_project:noise-java:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "2020-08-27"
}
],
"vendor_product": "noise-java_project:noise-java",
"source": "CPE_RANGE"
},
{
"extracted_events": [
{
"fixed": "2020-08-27"
}
],
"source": "DESCRIPTION"
}
]
}[
{
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "31696553789061348543954821442458380204",
"length": 1152.0
},
"deprecated": false,
"id": "CVE-2020-25022-0b3f2627",
"target": {
"function": "encryptWithAd",
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java"
}
},
{
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "66898851433788692633400536516760569337",
"length": 1047.0
},
"deprecated": false,
"id": "CVE-2020-25022-1283079e",
"target": {
"function": "decryptWithAd",
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java"
}
},
{
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "163635587722489269482405846284454599759",
"length": 956.0
},
"deprecated": false,
"id": "CVE-2020-25022-1a516728",
"target": {
"function": "decryptWithAd",
"file": "src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java"
}
},
{
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"248084885838146253345771771269370804417",
"140250448064229028853599927670278424096",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"306931882619861584162923184468321031823",
"311748548483982027723743522572240069704",
"77320385515136150135576332425983362513",
"83644315993127178577893805666991880187",
"89473546135236005693704407250573942399",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"188697535042500821947264476458022671669",
"194008130026071319719457212564746600541",
"194829075617753068576068964296557370506",
"288796742773005041722011406505574108000",
"281014321094192436150097193773785830219",
"217004687368679366954793008857463832015",
"280030657105869282452504007557863416519",
"45788093309745126740486596840635536428",
"228866721525578960286648948301435841419"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-25022-2f800f26",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java"
}
},
{
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "267246413992864573047282012333591911877",
"length": 1402.0
},
"deprecated": false,
"id": "CVE-2020-25022-3d884385",
"target": {
"function": "decryptWithAd",
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMOnCtrCipherState.java"
}
},
{
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "314004612045279238183079182966135327988",
"length": 799.0
},
"deprecated": false,
"id": "CVE-2020-25022-5c06e154",
"target": {
"function": "encryptWithAd",
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java"
}
},
{
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"264329028219938384351945693844529751397",
"275378059430341761265592928712872113057",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"14113105530923163521229694919607104781",
"236868339578648112956584501549662705974",
"117432426538188597543604590651805810898",
"83644315993127178577893805666991880187",
"89473546135236005693704407250573942399",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"188697535042500821947264476458022671669",
"194008130026071319719457212564746600541",
"194829075617753068576068964296557370506",
"288796742773005041722011406505574108000",
"281014321094192436150097193773785830219",
"217004687368679366954793008857463832015",
"180123066045396832286909635187167941824",
"266252356298025946804680655516106737472",
"320247887393656219471853600774097330932"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-25022-77136b95",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java"
}
},
{
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "14823959838769480757266236490617897185",
"length": 684.0
},
"deprecated": false,
"id": "CVE-2020-25022-c22025f5",
"target": {
"function": "encryptWithAd",
"file": "src/main/java/com/southernstorm/noise/protocol/ChaChaPolyCipherState.java"
}
},
{
"source": "https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"248084885838146253345771771269370804417",
"140250448064229028853599927670278424096",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"14113105530923163521229694919607104781",
"236868339578648112956584501549662705974",
"117432426538188597543604590651805810898",
"83644315993127178577893805666991880187",
"89473546135236005693704407250573942399",
"330457463062443688678293515174674062873",
"55048163030964998224381313280347382784",
"188697535042500821947264476458022671669",
"194008130026071319719457212564746600541",
"194829075617753068576068964296557370506",
"288796742773005041722011406505574108000",
"281014321094192436150097193773785830219",
"217004687368679366954793008857463832015",
"180123066045396832286909635187167941824",
"266252356298025946804680655516106737472",
"320247887393656219471853600774097330932"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2020-25022-df74b1c4",
"target": {
"file": "src/main/java/com/southernstorm/noise/protocol/AESGCMFallbackCipherState.java"
}
}
]
"2026-07-09T00:06:44Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25022.json"