Описание
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
The openssl gem for Ruby uses the same initialization vector (IV) in G ...
OpenSSL gem for Ruby using inadequate encryption strength
EPSS
7.5 High
CVSS3
5 Medium
CVSS2