Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-26084

Published: 15/03/2023 Updated: 22/03/2023
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 0
Subscribe to Aarch64cryptolib

Vulnerability Summary

The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib prior to 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.

Vulnerable Product Search on Vulmon Subscribe to Product

arm aarch64cryptolib

References

CWE-665https://github.com/ARM-software/AArch64cryptolib/security/advisories/GHSA-47c6-7x5x-r74ghttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook