Vulnerability Report: GO-2020-0009

CVE-2016-9123, GHSA-3fx4-7f69-5mmg
Affects: github.com/square/go-jose
Published: Apr 14, 2021
Modified: May 20, 2024

On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC with HMAC such that they can control how large the input buffer is when computing the HMAC authentication tag. This can can allow a manipulated ciphertext to be verified as authentic, opening the door for padding oracle attacks.

Affected Packages

Path

Go Versions

Symbols
github.com/square/go-jose/cipher

before v0.0.0-20160903044734-789a4c4bd4c1
3 unexported affected symbols
- cbcAEAD.Open
- cbcAEAD.Seal
- cbcAEAD.computeAuthTag
github.com/square/go-jose

before v0.0.0-20160903044734-789a4c4bd4c1
- JsonWebEncryption.Decrypt

Aliases

CVE-2016-9123
GHSA-3fx4-7f69-5mmg

References

https://github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96
https://www.openwall.com/lists/oss-security/2016/11/03/1
https://vuln.go.dev/ID/GO-2020-0009.json

Credits

Quan Nguyen from Google's Information Security Engineering Team

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL