{"id":"JLSEC-2026-108","summary":"Deno's AES GCM authentication tags are not verified","details":"### Summary\n\nThis affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit [0d1beed](https://github.com/denoland/deno/commit/0d1beed). Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js.\n\nWithout authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective.\n\n### PoC\n\n```ts\nimport { Buffer } from \"node:buffer\";\nimport {\n  createCipheriv,\n  createDecipheriv,\n  randomBytes,\n  scrypt,\n} from \"node:crypto\";\n\ntype Encrypted = {\n  salt: string;\n  iv: string;\n  enc: string;\n  authTag: string;\n};\n\nconst deriveKey = (key: string, salt: Buffer) =\u003e\n  new Promise\u003cBuffer\u003e((res, rej) =\u003e\n    scrypt(key, salt, 32, (err, k) =\u003e {\n      if (err) rej(err);\n      else res(k);\n    })\n  );\n\nasync function encrypt(text: string, key: string): Promise\u003cEncrypted\u003e {\n  const salt = randomBytes(32);\n  const k = await deriveKey(key, salt);\n\n  const iv = randomBytes(16);\n  const enc = createCipheriv(\"aes-256-gcm\", k, iv);\n  const ciphertext = enc.update(text, \"binary\", \"binary\") + enc.final(\"binary\");\n\n  return {\n    salt: salt.toString(\"binary\"),\n    iv: iv.toString(\"binary\"),\n    enc: ciphertext,\n    authTag: enc.getAuthTag().toString(\"binary\"),\n  };\n}\n\nasync function decrypt(enc: Encrypted, key: string) {\n  const k = await deriveKey(key, Buffer.from(enc.salt, \"binary\"));\n  const dec = createDecipheriv(\"aes-256-gcm\", k, Buffer.from(enc.iv, \"binary\"));\n\n  const out = dec.update(enc.enc, \"binary\", \"binary\");\n  dec.setAuthTag(Buffer.from(enc.authTag, \"binary\"));\n  return out + dec.final(\"binary\");\n}\n\nconst test = await encrypt(\"abcdefghi\", \"key\");\ntest.enc = \"\";\nconsole.log(await decrypt(test, \"\")); // no error\n```\n\n### Impact\n\nWhile discovered through experimentation, authentication failures that should raise errors may be silently ignored.","modified":"2026-04-14T13:31:35.323441460Z","published":"2026-04-14T13:10:46.494Z","upstream":["CVE-2025-24015","EUVD-2025-16794","GHSA-2x3r-hwv5-p32x"],"database_specific":{"license":"CC-BY-4.0","sources":[{"imported":"2026-04-14T12:58:55.069Z","modified":"2025-06-09T15:11:33.737Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24015","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-24015","id":"CVE-2025-24015","published":"2025-06-03T23:15:20.633Z"},{"imported":"2026-04-14T12:58:58.660Z","modified":"2025-06-04T22:56:15Z","html_url":"https://github.com/advisories/GHSA-2x3r-hwv5-p32x","url":"https://api.github.com/advisories/GHSA-2x3r-hwv5-p32x","id":"GHSA-2x3r-hwv5-p32x","published":"2025-06-04T20:48:56Z"},{"imported":"2026-04-14T12:58:57.176Z","modified":"2025-06-04T19:15:04Z","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-16794","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-16794","id":"EUVD-2025-16794","published":"2025-06-03T22:48:52Z"}]},"references":[{"type":"WEB","url":"https://github.com/denoland/deno/commit/0d1beed"},{"type":"WEB","url":"https://github.com/denoland/deno/commit/4f27d7cdc02e3edfb9d36275341fb8185d6e99ed"},{"type":"WEB","url":"https://github.com/denoland/deno/commit/a4003a5292bd0affefad3ecb24a8732886900f67"},{"type":"WEB","url":"https://github.com/denoland/deno/security/advisories/GHSA-2x3r-hwv5-p32x"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24015"},{"type":"WEB","url":"https://github.com/denoland/deno/commit/0d1beed2e3633d71d5e288e0382b85be361ec13d"},{"type":"WEB","url":"https://github.com/advisories/GHSA-2x3r-hwv5-p32x"}],"affected":[{"package":{"name":"Deno_jll","ecosystem":"Julia","purl":"pkg:julia/Deno_jll?uuid=04572ae6-984a-583e-9378-9577a1c2574d"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.0.0+0"},{"fixed":"2.2.6+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-108.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"}],"credits":[{"name":"canislupaster","contact":["https://github.com/canislupaster"],"type":"REPORTER"}]}