Описание
Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications
Impact
Timing attacks on Galois Field multiplications in this package. Successful exploitation would effectively allow a downgrade of the security guarantees of the XTS mode to the security guarantees of ECB mode, allowing block swapping, enabling identification of identical blocks, and rendering half of the XTS key obsolete. Timing attacks require specific conditions to be exploitable.
Patches
Patched in 2024.11.26
Workarounds
Upgrade the package
References
Пакеты
Наименование
Devolutions.XTS.NET
nuget
Затронутые версииВерсия исправления
< 2024.11.26
2024.11.26
Связанные уязвимости
nvd
около 1 года назад
Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks