CVE-2023-26154

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-26154

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26154.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-26154

Aliases

Published

2023-12-06T05:15:10Z

Modified

2024-09-03T04:26:06.202558Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file.

Note:

In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.

References

Affected packages

Git / github.com/pubnub/c-core

Affected ranges

Type: GIT
Repo: https://github.com/pubnub/c-core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a6ce86532930dfd99375148ee5331f696c949d0c

Type: GIT
Repo: https://github.com/pubnub/go
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7aa3f35008f99cc868a5ed941dd47feac94df2af

Type: GIT
Repo: https://github.com/pubnub/javascript
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fb6cd0417cbb4ba87ea2d5d86a9c94774447e119

Type: GIT
Repo: https://github.com/pubnub/kotlin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

470571ba89f0c171b1d6dfbee0303c9a226f207a

Type: GIT
Repo: https://github.com/pubnub/swift
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

16f95e07c654a3feda1a00901677da40907a692a

Affected versions

1.*

1.0.0

1.2.0

2.*

2.0

2.0.0

2.0.1

2.0.2

2.1.0

2.1.1

2.1.2

2.2.0

2.3.0

2.3.1

2.3.2

2.3.3

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.5.3

3.*

3.0.1

3.1.0

3.1.1

3.1.2

3.1.3

3.10.0

3.10.2

3.10.3

3.11.0

3.12.0

3.13.0

3.14.0

3.14.1

3.14.2

3.14.3

3.14.4

3.14.5

3.14.7

3.15.1

3.15.2

3.6.4

3.7.1

3.7.1.1

3.7.10

3.7.11

3.7.12

3.7.13

3.7.14

3.7.15

3.7.16

3.7.17

3.7.18

3.7.19

3.7.2

3.7.20

3.7.21

3.7.22

3.7.23

3.7.8

3.7.9

3.8.0

3.9.0

3.9.1

3.9.2

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.1.0

4.1.1

4.1.2

4.21.7

5.*

5.0.0

5.0.1

5.1.0

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.1.0

6.2.0

6.2.1

6.2.2

6.2.3

6.3.0

7.*

7.0.0

7.1.0

bom-v0.*

bom-v0.1.0

bom-v0.2.0

bom-v0.2.1

kotlin-v7.*

kotlin-v7.2.0

kotlin-v7.3.0

kotlin-v7.3.1

kotlin-v7.3.2

kotlin-v7.4.0

kotlin-v7.4.1

kotlin-v7.4.2

kotlin-v7.4.3

kotlin-v7.5.0

kotlin-v7.6.0

memberships-v0.*

memberships-v0.1.0

memberships-v0.2.0

spaces-v0.*

spaces-v0.1.0

spaces-v0.2.0

users-v0.*

users-v0.1.0

users-v0.2.0

users-v0.2.1

v.*

v.2.8.3

v0.*

v0.1.3

v1.*

v1.0.0

v2.*

v2.10.0

v2.10.1

v2.10.2

v2.11.0

v2.11.1

v2.12.0

v2.12.1

v2.12.2

v2.12.5

v2.12.6

v2.12.7

v2.13.0

v2.14.0

v2.2.0

v2.2.10

v2.2.13

v2.2.14

v2.2.4

v2.2.7

v2.3.0

v2.3.1

v2.3.3

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.7.,0

v2.8.0

v2.8.1

v2.8.2

v2.8.4

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

v3.*

v3.0.0

v3.1.0

v3.10.0

v3.11.0

v3.12.0

v3.13.0

v3.14.0

v3.15.0

v3.16.0

v3.16.1

v3.2.0

v3.3.0

v3.3.1

v3.3.2

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.0

v3.5.1

v3.5.2

v3.7.0

v3.7.1

v3.9.3

v3.9.3-rc1

v3.9.3-rc2

v3.9.3-rc3

v3.9.4

v3.9.4.1

v3.9.4.2

v3.9.4.3

v4.*

v4.0.0

v4.0.0-rc.2

v4.0.0-rc.5

v4.0.1

v4.0.10

v4.0.11

v4.0.12

v4.0.13

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.10.0

v4.12.0

v4.13.0

v4.14.0

v4.15.0

v4.15.1

v4.16.0

v4.16.1

v4.16.2

v4.17.0

v4.18.0

v4.19.0

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.2.5

v4.2.6

v4.2.7

v4.20.1

v4.20.3

v4.21.0

v4.21.1

v4.21.2

v4.21.3

v4.21.5

v4.21.6

v4.22.0

v4.23.0

v4.24.2

v4.24.4

v4.24.5

v4.24.6

v4.25.0

v4.25.1

v4.25.2

v4.26.0

v4.26.1

v4.27.0

v4.27.1

v4.27.3

v4.27.4

v4.27.5

v4.27.6

v4.28.0

v4.28.1

v4.28.2

v4.28.3

v4.28.4

v4.29.0

v4.29.1

v4.29.10

v4.29.11

v4.29.2

v4.29.3

v4.29.4

v4.29.5

v4.29.6

v4.29.7

v4.29.8

v4.29.9

v4.3.0

v4.3.1

v4.3.2

v4.3.3

v4.30.0

v4.30.1

v4.31.0

v4.32.0

v4.32.1

v4.33.0

v4.33.1

v4.34.0

v4.34.1

v4.34.2

v4.35.0

v4.36.0

v4.37.0

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.5.0

v4.6.0

v4.7.0

v4.8.0

v4.9.1

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.1.0

v6.2.0

v6.3.0

v7.*

v7.0.0

v7.0.1

v7.1.0

v7.1.1

v7.1.2

v7.2.0

v7.2.1

v7.2.2

v7.2.3

v7.3.0

v7.3.1

v7.3.2

v7.3.3