Noise-Java suffers from an issue located in the AESGCMOnCtrCipherStateencryptWithAd() method defined in AESGCMOnCtrCipherStatejava, where multiple boundary checks are performed to prevent invalid length or offsets from being specified for the encrypt or copy operation However, some checks were found to be either incomplete or missing ...
Vulnerability title: Noise-Java AESGCMOnCtrCipherStateencryptWithAd() insufficient boundary checks
Author: Pietro Oliva
CVE: CVE-2020-25023
Vendor: Rhys Weatherley (Creator of Noise Framework's reference implementation in Java)
Product: Noise-Java
Affected version: No version information is currently available
Fixed version: Check latest comm ...