WS-2022-0158 - Medium Severity Vulnerability
Vulnerable Library - rust-crypto-0.2.36.crate
A (mostly) pure-Rust implementation of various common cryptographic algorithms.
Library home page: https://crates.io/api/v1/crates/rust-crypto/0.2.36/download
Path to dependency file: /third_party/rust_crates/Cargo.toml
Path to vulnerable library: /third_party/rust_crates/Cargo.toml
Dependency Hierarchy:
- :x: **rust-crypto-0.2.36.crate** (Vulnerable Library)
Found in base branch: master
Vulnerability Details
rust-crypto shows inconsistent behaviour in AES encryption: if you have an immutable key slice and operate on that slice, you get different encryption output than if you operate on a copy of that key. This may result in the exposure of sensitive information.
Publish Date: 2024-11-03
URL: WS-2022-0158
CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None