exploitDog

CVE-2021-37587

Опубликовано: 30 июл. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.

Ссылки

https://eprint.iacr.org/2020/460
Third Party Advisory
https://github.com/JHUISI/charm/issues/276
Issue Tracking
Third Party Advisory
https://jhuisi.github.io/charm/_modules/abenc_maabe_yj14.html
Patch
Third Party Advisory
https://jhuisi.github.io/charm/charm/schemes/abenc/abenc_dacmacs_yj14.html
Third Party Advisory
https://www2.hci.uni-hannover.de/papers/Tan2019.pdf
Technical Description
Third Party Advisory
https://eprint.iacr.org/2020/460
Third Party Advisory
https://github.com/JHUISI/charm/issues/276
Issue Tracking
Third Party Advisory
https://jhuisi.github.io/charm/_modules/abenc_maabe_yj14.html
Patch
Third Party Advisory
https://jhuisi.github.io/charm/charm/schemes/abenc/abenc_dacmacs_yj14.html
Third Party Advisory
https://www2.hci.uni-hannover.de/papers/Tan2019.pdf
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jhu:charm:0.43:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00181

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-327

Связанные уязвимости

GHSA-42c8-ghxg-4f28

CVSS3: 6.5

github

больше 3 лет назад

In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.

EPSS

Процентиль: 40%

0.00181

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-327