Description
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
A flaw was found in Sequoia. This vulnerability allows a remote attacker to crash an application by sending a victim an encrypted message with a crafted Public Key Encrypted Session Key (PKESK) or Symmetric Key Encrypted Session Key (SKESK) packet, which causes aes_key_unwrap to panic when processing a short ciphertext.
Report
This vulnerability is rated Moderate for Red Hat. A remote attacker could crash an application using Sequoia by sending a specially crafted encrypted message. Successful exploitation requires high attack complexity and user interaction, as the victim must process the malicious message.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-monitor-rhel9 | Fix deferred | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-operator-bundle | Fix deferred | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-podvm-builder-rhel9 | Fix deferred | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-podvm-payload-rhel9 | Fix deferred | | |
| Confidential Compute Attestation | openshift-sandboxed-containers/osc-rhel9-operator | Fix deferred | | |
| Red Hat Enterprise Linux 10 | rust-rpm-sequoia | Fix deferred | | |
| Red Hat Enterprise Linux 10 | rust-sequoia-sq | Fix deferred | | |
| Red Hat Enterprise Linux 10 | rust-sequoia-sqv | Fix deferred | | |
| Red Hat Enterprise Linux 10 | trustee-guest-components | Fix deferred | | |
| Red Hat Enterprise Linux 9 | rust-rpm-sequoia | Fix deferred | | |
Additional information
CVSS3: 5.3 Medium
Related vulnerabilities
Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short