exploitDog

CVE-2023-26084

Опубликовано: 15 мар. 2023

Источник: nvd

CVSS3: 3.7

EPSS Низкий

Описание

The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.

Ссылки

https://github.com/ARM-software/AArch64cryptolib/security/advisories/GHSA-47c6-7x5x-r74g
Patch
Vendor Advisory
https://github.com/ARM-software/AArch64cryptolib/security/advisories/GHSA-47c6-7x5x-r74g
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arm:aarch64cryptolib:*:*:*:*:*:*:*:*

Версия до 2023-02-20 (исключая)

EPSS

Процентиль: 47%

0.00241

Низкий

3.7 Low

CVSS3

Дефекты

CWE-665

CWE-665

EPSS

Процентиль: 47%

0.00241

Низкий

3.7 Low

CVSS3

Дефекты

CWE-665

CWE-665