Noise-Java suffers from an issue located in the ChaChaPolyCipherStateencryptWithAd() method defined in ChaChaPolyCipherStatejava, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation However, some checks were found to be either incomplete or missing ...
Vulnerability title: Noise-Java ChaChaPolyCipherStateencryptWithAd() insufficient boundary checks
Author: Pietro Oliva
CVE: CVE-2020-25021
Vendor: Rhys Weatherley (Creator of Noise Framework's reference implementation in Java)
Product: Noise-Java
Affected version: No version information is currently available
Fixed version: Check latest commi ...