{"id":"CVE-2023-42811","summary":"AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure","details":"aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.","aliases":["GHSA-423w-p2w9-r7vq","RUSTSEC-2023-0096"],"modified":"2026-02-28T05:06:20.753131Z","published":"2023-09-22T15:19:15.445Z","related":["SUSE-SU-2023:4060-1","openSUSE-SU-2024:13315-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42811.json","cwe_ids":["CWE-347"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42811.json"},{"type":"ADVISORY","url":"https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBB6TBDAGEQ2WIINR34F3DPSN3FND6K/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYQCICN6BVC6I75O3F6W4VK4J3MOYDJU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U67ZSMNX5V3WTBYPUYF45PSFG4SF5SGF/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42811"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rustcrypto/aeads","events":[{"introduced":"2482bcb8a1684fad3dcbfeafdfaf2cfba632a795"},{"fixed":"7e82b01cd4901f6a35b5153536f11b87f5e4e622"}]}],"versions":["aes-gcm-siv-v0.11.0","aes-gcm-siv-v0.11.0-pre","aes-gcm-siv-v0.11.0-pre.1","aes-gcm-siv-v0.11.0-pre.2","aes-gcm-siv-v0.11.1","aes-gcm-v0.10.0","aes-gcm-v0.10.0-pre","aes-gcm-v0.10.0-pre.1","aes-gcm-v0.10.0-pre.2","aes-gcm-v0.10.1","aes-gcm-v0.10.2","aes-siv-v0.7.0","aes-siv-v0.7.0-pre.1","ascon-aead-v0.4.2","ccm-v0.5.0","ccm-v0.5.0-pre.1","chacha20poly1305-v0.10.0","chacha20poly1305-v0.10.0-pre.1","chacha20poly1305-v0.10.0-pre.2","chacha20poly1305-v0.10.1","deoxys-v0.1.0","deoxys-v0.1.0-pre.1","eax-v0.5.0","eax-v0.5.0-pre.1","mgm-v0.5.0-pre.1","xsalsa20poly1305-v0.9.0","xsalsa20poly1305-v0.9.0-pre","xsalsa20poly1305-v0.9.0-pre.1","xsalsa20poly1305-v0.9.0-pre.2","xsalsa20poly1305/v0.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42811.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N"}]}