CVE-2023-42811
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-42811
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42811.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-42811
- Aliases
- Downstream
- Related
- Published
- 2023-09-22T15:19:15Z
- Modified
- 2025-10-15T02:29:39.086470Z
- Severity
-
- 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N CVSS Calculator
- Summary
- AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
- Details
-
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decryptinplace_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the
aes-gcmcrate'sdecrypt_in_place*APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue. - References
-
- https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq
- https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/
Affected packages
Git / github.com/RustCrypto/AEADs
Affected versions
aes-gcm-siv-v0.*
aes-gcm-siv-v0.11.0
aes-gcm-siv-v0.11.0-pre
aes-gcm-siv-v0.11.0-pre.1
aes-gcm-siv-v0.11.0-pre.2
aes-gcm-siv-v0.11.1
aes-gcm-v0.*
aes-gcm-v0.10.0
aes-gcm-v0.10.0-pre
aes-gcm-v0.10.0-pre.1
aes-gcm-v0.10.0-pre.2
aes-gcm-v0.10.1
aes-gcm-v0.10.2
aes-siv-v0.*
aes-siv-v0.7.0
aes-siv-v0.7.0-pre.1
ascon-aead-v0.*
ascon-aead-v0.4.2
ccm-v0.*
ccm-v0.5.0
ccm-v0.5.0-pre.1
chacha20poly1305-v0.*
chacha20poly1305-v0.10.0
chacha20poly1305-v0.10.0-pre.1
chacha20poly1305-v0.10.0-pre.2
chacha20poly1305-v0.10.1
deoxys-v0.*
deoxys-v0.1.0
deoxys-v0.1.0-pre.1
eax-v0.*
eax-v0.5.0
eax-v0.5.0-pre.1
mgm-v0.*
mgm-v0.5.0-pre.1
xsalsa20poly1305-v0.*
xsalsa20poly1305-v0.9.0
xsalsa20poly1305-v0.9.0-pre
xsalsa20poly1305-v0.9.0-pre.1
xsalsa20poly1305-v0.9.0-pre.2
xsalsa20poly1305/v0.*
xsalsa20poly1305/v0.9.1