OSV-2020-833

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/cryptofuzz/OSV-2020-833.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-833

Published

2020-07-14T22:13:39.041123Z

Modified

2022-04-13T03:04:35.071517Z

Summary

Heap-buffer-overflow in Hacl_Chacha20PolyNUMBER_256_aead_decrypt

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23934

Crash type: Heap-buffer-overflow READ 1
Crash state:
Hacl_Chacha20PolyNUMBER_256_aead_decrypt
ChaCha20PolyNUMBER_Open
sftk_ChaCha20PolyNUMBER_Decrypt

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23934

Affected packages

OSS-Fuzz / cryptofuzz

Package

Name: cryptofuzz
Purl: pkg:generic/cryptofuzz

Affected ranges

Type: GIT
Repo: https://github.com/guidovranken/cryptofuzz
Events: Introduced

2619bffde72e48bfe5a572776783bf92615b7c05

Fixed

7b97d7fbad5d847074ffb0a8cbe14778d78e28ca

Ecosystem specific

{
    "introduced_range": "9a08637f4aa56f0da3c8b1f4f363c7ec7a933a75:bb51393c0d141478d0255f1bd1ee06eb845edeb2",
    "fixed_range": "919fa5710aec81c21dc26492e499ae541042e68c:7b97d7fbad5d847074ffb0a8cbe14778d78e28ca",
    "severity": "MEDIUM"
}