{"id":"RUSTSEC-2023-0068","summary":"Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse","details":"**Problem**: Trying to create a new encrypted message with the same cocoon\nobject generates the same ciphertext. It mostly affects `MiniCocoon` and\n`Cocoon` objects with custom seeds and RNGs (where `StdRng` is used under\nthe hood).\n\n**Note**: The issue does **NOT** affect objects created with **`Cocoon::new`**\nwhich utilizes `ThreadRng`.\n\n**Cause**: `StdRng` produces the same nonce because `StdRng::clone` resets its\nstate.\n\n**Measure**: Make encryption API mutable (`encrypt`, `wrap`, and `dump`).\n\n**Workaround**: Create a new cocoon object with a new **seed** per each\nencryption.\n\n## How to Reproduce\n\n```rust\nlet cocoon = MiniCocoon::from_password(b\"password\", &[1; 32]);\nlet mut data1 = \"my secret data\".to_owned().into_bytes();\nlet _ = cocoon.encrypt(&mut data1)?;\n\nlet mut data2 = \"my secret data\".to_owned().into_bytes();\nlet _ = cocoon.encrypt(&mut data2)?;\n\n// data1: [23, 217, 251, 151, 179, 62, 85, 15, 253, 92, 192, 112, 200, 52]\n// data2: [23, 217, 251, 151, 179, 62, 85, 15, 253, 92, 192, 112, 200, 52]\n```\n\n## Workaround\n\nFor `cocoon \u003c= 0.3.3`, create a new cocoon with a different **seed**\nper each `encrypt`/`wrap`/`dump` call.\n\n```rust\nlet cocoon = MiniCocoon::from_password(b\"password\", &[1; 32]);\nlet mut data1 = \"my secret data\".to_owned().into_bytes();\nlet _ = cocoon.encrypt(&mut data1)?;\n\n// Another seed: &[2; 32].\nlet cocoon = MiniCocoon::from_password(b\"password\", &[2; 32]);\nlet mut data2 = \"my secret data\".to_owned().into_bytes();\nlet _ = cocoon.encrypt(&mut data2)?;\n\n// data1: [23, 217, 251, 151, 179, 62, 85, 15, 253, 92, 192, 112, 200, 52]\n// data2: [53, 223, 209, 96, 130, 99, 209, 108, 83, 189, 123, 81, 19, 1]\n```","aliases":["CVE-2024-21530","GHSA-6878-6wc2-pf5h","GHSA-r2jw-c95q-rj29"],"modified":"2025-10-28T06:02:18Z","published":"2023-10-15T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/cocoon"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0068.html"},{"type":"REPORT","url":"https://github.com/fadeevab/cocoon/issues/22"}],"affected":[{"package":{"name":"cocoon","ecosystem":"crates.io","purl":"pkg:cargo/cocoon"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.4.0"}]}],"ecosystem_specific":{"affects":{"arch":[],"os":[],"functions":["cocoon::Cocoon::dump","cocoon::Cocoon::encrypt","cocoon::Cocoon::wrap","cocoon::MiniCocoon::dump","cocoon::MiniCocoon::encrypt","cocoon::MiniCocoon::wrap"]},"affected_functions":null},"database_specific":{"categories":["crypto-failure"],"informational":null,"cvss":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0068.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}]}