Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. (The package name pubnub appears several times with different fixed versions, presumably one entry per package ecosystem; the ecosystems are not named here, so match the threshold to the registry you install from.) The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file. In other words, the weakness lies in how the key is derived, not in AES-256-CBC itself: the effective key strength is roughly half of the nominal 256 bits.
Note:
To exploit this vulnerability, an attacker must invest resources in preparing the attack and then brute-force the encryption.
[
{
"id": "CVE-2023-26154-09df987d",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 443.0,
"function_hash": "279394894446955958325923480656699046052"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pbcc_deinit",
"file": "core/pubnub_ccore_pubsub.c"
}
},
{
"id": "CVE-2023-26154-0a9047d0",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"249701583001989720445922049600151518353",
"45355990229200572024119840516354494427",
"166510522792739842312387762829130768958",
"256449777759752470081310767988622880692"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/pubnub_pubsubapi.c"
}
},
{
"id": "CVE-2023-26154-0c911a52",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"49329955824955968055399290508098541010",
"252030758424748792309794578677029279177",
"81869672628869165037381554772136646943",
"65297528406504532438707111329981977134",
"315075858224514986668193869281610700146",
"287141977847585365536741541280957041883",
"210456196426194600368912870147107034138",
"163628236087159290111804822045356992669",
"148632328832605565007811008885383125004",
"187340943069630651365320782876527276366",
"114097858233067320257452000276983089732",
"148482550502203612110447816480566895952"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "openssl/pbaes256.c"
}
},
{
"id": "CVE-2023-26154-1285390e",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"128868071792281954225769654539804051438",
"137032599331518296999527888619478717181",
"223975656026619121963966180010845625944",
"176461383658242276564758482175053052956",
"138013597463074917021180670494518738055",
"83215864599476790627953593408875410395",
"72353110462651403460037257109017484885",
"151970593211640491025006232821777438865",
"246905789491804283505565977275108327244",
"169969937073678635732562303022346089033",
"241874559737720331627692810309845408737",
"306767809163595930577687214724506446867",
"41349053196281075703532479398063871913",
"216975981149794000062742545721921486936"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/test/pubnub_test_mocks.c"
}
},
{
"id": "CVE-2023-26154-14a908fe",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 1784.0,
"function_hash": "14998726883425876775305302005138939988"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pbcc_history_prep",
"file": "core/pubnub_ccore.c"
}
},
{
"id": "CVE-2023-26154-47c037d0",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 789.0,
"function_hash": "206295642410883834590479018563628472854"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pbcc_init",
"file": "core/pubnub_ccore_pubsub.c"
}
},
{
"id": "CVE-2023-26154-5143f5db",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"109373008492245522662250095602987389099",
"20596298539425229030980945740384682487",
"285775458641841352746946943180994480692",
"323815986539551708184439460554366932126",
"18874509566059782826445571092341387303",
"133738444726858685304809658311907906694",
"262988061733693388898799851226266314239",
"250173291682037731488187787825071183341"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/pubnub_coreapi_ex.c"
}
},
{
"id": "CVE-2023-26154-55620899",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"279173794896293036874447539029052224760",
"114370412136492727190553672293611639513",
"274328920486990984952473457209586124461",
"55202381016454580004915108532927208780",
"318500704190036622129016094510119976585",
"257355552392596992656243838614304831785",
"186541649638686865626746791887118248214",
"212122612828882685736988963770335166822",
"263064574873041843441022478749020701847",
"185435380390682010443240612921775762207",
"58759602210768893451123361161145991635",
"4823305886433336930549087817519476071",
"244094222622356711810462397782090276168",
"201851619008996726539797289919114918617",
"104332526485178766375104505438293531455",
"186949794005033224380523271345605499821",
"77212562561683656360949398501040257938",
"77747347385631726359772324293680413273",
"193662605155659924558465636144323684882",
"247557726755378448813373382213716414877",
"24117030953854859328086575420020411524",
"169715748000031355813321273721337884930",
"172206499540053007019092923007207406022",
"249513868485492822072653162796303513644",
"189713328515446191151316519761241899058",
"33680204244051519347089559159624083918",
"65797167814754696853421186794113741658",
"160031662186961901028982332487890951473",
"171187638001363122474854559013601534779",
"26969397073675335447759391876363110810",
"339358967392995392086352981092635766494",
"185614772792264609275003599484884313256"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/pubnub_crypto.c"
}
},
{
"id": "CVE-2023-26154-5b6baade",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 1293.0,
"function_hash": "320035735928608315279197631067536737698"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pubnub_publish_ex",
"file": "core/pubnub_coreapi_ex.c"
}
},
{
"id": "CVE-2023-26154-61d9f26e",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"313980738045200257790546608513704397851",
"260862437257856503331415506033602123117",
"160717234621735415065196093385871426055"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/pubnub_ccore.c"
}
},
{
"id": "CVE-2023-26154-66f0fb1f",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 511.0,
"function_hash": "199400009707397912260228411738714620674"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pubnub_get_decrypted_alloc",
"file": "core/pubnub_crypto.c"
}
},
{
"id": "CVE-2023-26154-6c913ddc",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"88246156400016334697325535341790083614",
"188507980858667604927613926180544762907",
"89980707465734815315070807309817962780",
"209519653857869512363069869771912169653",
"68369948552019568749031126754841731438",
"158484494679917168325563483538930120390",
"194201888452170826653535048817626842345",
"76214984372852460801322186878723756298"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/pubnub_ccore_pubsub.h"
}
},
{
"id": "CVE-2023-26154-749ff96a",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"83318344986026709655906763067811898970",
"336533796159099750465440395042445533414",
"176591944404042853855986940032396000703",
"238920479764732945904081488206529626333",
"58303161184518631693212420006262843203",
"289801307539234689259929057918122516999",
"153849387984482218393490765318075483950",
"227702822184613748424494292895730821874",
"313264028208694848818081905483789509502",
"266291305287146116945917858225204568499",
"326616454463631545676379412691114214137",
"237054282267535196449910592260473326",
"150006959172355344504652898107062286023",
"82836770216207126929451715706980534398"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/pubnub_crypto.h"
}
},
{
"id": "CVE-2023-26154-94fdc05f",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"170440569409540633781803079754643068680",
"333066747235642461241972608712556799640",
"153840449884793153242676042158212880662",
"6155134542699534724867488949983367670",
"154168974749334702681066321799622438670",
"142818794438125545267660788890908561803",
"101978596426370923128436871161223167978",
"273183716909232209255691537450282132915"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/pubnub_internal_common.h"
}
},
{
"id": "CVE-2023-26154-a389b0b3",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 2353.0,
"function_hash": "194305312153861860207983483040867634230"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pubnub_init",
"file": "core/pubnub_pubsubapi.c"
}
},
{
"id": "CVE-2023-26154-af27d48c",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"169281994690283666121821589919786715593",
"271695524219458680205904523934345536823",
"217049368326781514758315538884000789058",
"75280803199273418275415471409094840051",
"223266152447360757126387622455647142494",
"70728187942713004091614205781489199451",
"43415872652756072537480629593703845671",
"147445166241139918577660808183375278945",
"40274270410551770302041733398333778554",
"312269394209857749374106504429116251017",
"263208220882981935651835607473724966292",
"15247224715971310254028680215421746276",
"178044520807050591683220254143935889289",
"16598160912758722134135557555261449238",
"91632102791589118758195918629899943481",
"199685290001547886725174305634373188840",
"46584724842085755034029215058241715107",
"324916669060142701282965668034803733654",
"149055398227831238340642552622252360230",
"301572664709423420855659810826775326960",
"157842924396024147896509811752542261798",
"325027921109304958183522622396060152439",
"79142242452395617246663547332023390437",
"50503076921448665539840355501439843389",
"9490819141188987922279878235521975311",
"284711094037584437184864981670569760704",
"62340269126085743161032465983154534848",
"109322379710842442629630573461997805956"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/pubnub_ccore_pubsub.c"
}
},
{
"id": "CVE-2023-26154-b64fe809",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"275084871546959492291517025208875072130",
"262120206641749812382261027807927243015",
"102354456689588617000556973751068376613",
"40188729569504621749830677957633594537",
"113519138775034770754161337484802469059",
"299490360425379522243878986491490164894",
"70320880051941954330406581470363999969",
"84279135900185812248832119307853911913",
"155914860869793313183418291074203415976",
"118606993492226251166414204424436136788",
"116174909076230694368080572084038924638"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "cpp/pubnub_common.hpp"
}
},
{
"id": "CVE-2023-26154-bc060215",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 668.0,
"function_hash": "82509143253227347687509053400338768322"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pbaes256_decrypt_alloc",
"file": "openssl/pbaes256.c"
}
},
{
"id": "CVE-2023-26154-c39f9c01",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"202873441161868995606004190380301191381",
"71366869107608239985057964406552269900",
"120936058674105286588012878128779335835",
"39868989597255662761169019963084449981",
"279723946097720103978004669213337267576",
"25841253016626817060699197012937007225",
"126041127502675359582136466082687141024",
"40148719626314818118434277986131249894",
"47962663022774430698948251402600263884",
"301147347242624154497592145541172636773"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "qt/pubnub_qt.h"
}
},
{
"id": "CVE-2023-26154-ce3e1727",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 773.0,
"function_hash": "149174003986492679519472098064249729079"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pubnub_get_decrypted",
"file": "core/pubnub_crypto.c"
}
},
{
"id": "CVE-2023-26154-d50fd5e2",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 1662.0,
"function_hash": "129922769441622209803377840905380690668"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pbcc_publish_prep",
"file": "core/pubnub_ccore_pubsub.c"
}
},
{
"id": "CVE-2023-26154-eb93c720",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 1593.0,
"function_hash": "187541078432823295261821556239540512041"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pbcc_subscribe_prep",
"file": "core/pubnub_ccore_pubsub.c"
}
},
{
"id": "CVE-2023-26154-f473aaa7",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"line_hashes": [
"38607029149923004836639539115607944422",
"315754870395944855629395215879703149277",
"143117017115720608928008304351638653357"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "core/test/pubnub_test_mocks.h"
}
},
{
"id": "CVE-2023-26154-faab25e4",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 781.0,
"function_hash": "145848167581374231840775421551417135782"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "do_decrypt",
"file": "openssl/pbaes256.c"
}
},
{
"id": "CVE-2023-26154-fe880dc1",
"source": "https://github.com/pubnub/c-core/commit/a6ce86532930dfd99375148ee5331f696c949d0c",
"digest": {
"length": 324.0,
"function_hash": "248005231775294753103117611514363251349"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "pbcc_get_msg",
"file": "core/pubnub_ccore_pubsub.c"
}
}
]
[
{
"id": "CVE-2023-26154-293f88c4",
"source": "https://github.com/pubnub/kotlin/commit/470571ba89f0c171b1d6dfbee0303c9a226f207a",
"digest": {
"length": 327.0,
"function_hash": "299601891033516911665318975151860805678"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "hexStringToByteArray",
"file": "src/main/java/com/pubnub/api/vendor/Crypto.java"
}
},
{
"id": "CVE-2023-26154-b67e05cc",
"source": "https://github.com/pubnub/kotlin/commit/470571ba89f0c171b1d6dfbee0303c9a226f207a",
"digest": {
"line_hashes": [
"324692444986086171989649768284275507572",
"79667637189430235192086371020522433633",
"163238738300543076175995926977933876076",
"339279797478763287111491504993829822955",
"181733299869404431477778601640661053818",
"50985283551158307892953966047102733657",
"96753548580477580393173968117918185046",
"88427922842827250020406778909258349589",
"122312010211978206112456540439756100011",
"150477045096898226915187624132574018232",
"9122855812362727751958249425098467708",
"103943000037269972388750661672530145298",
"315956805485356158490115165345475785457",
"50581951242555964516977631068027905908",
"295129187655462203934949256438717049686",
"80035826867542664410920100205293199350",
"226495591446190216242611819274196700619",
"154482383116129594059505052682944496563",
"240287985834085949328714574137899356918",
"263614228208308502915330587121545097053",
"251731434063343410529751682891862494485",
"118506843768009611870782588963812649532",
"86633409715686129834554938173636523371",
"150899081587092235265304010368040047937",
"232807076033194438079565295551822690165",
"272037105304913568189992829449820795254",
"6375442847374810298945830083748851577"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "src/main/java/com/pubnub/api/vendor/Crypto.java"
}
},
{
"id": "CVE-2023-26154-f58dd714",
"source": "https://github.com/pubnub/kotlin/commit/470571ba89f0c171b1d6dfbee0303c9a226f207a",
"digest": {
"length": 262.0,
"function_hash": "147597975298461450842638564909004078287"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "md5",
"file": "src/main/java/com/pubnub/api/vendor/Crypto.java"
}
}
]