Unrated severity · NVD Advisory · Published Oct 2, 2020 · Updated Sep 17, 2024
Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
CVE-2020-7069
Description
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function and a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data.
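A runtime check for the behaviour described above, added here as an example (it is not code from the advisory or from the PHP project). It compares the output for a 12-byte IV with the output for that IV's first 7 bytes; the function names, key, IV and plaintext are constructed for illustration.

```php
<?php
// Added example: checks a PHP runtime for the CVE-2020-7069 behaviour.
// Key, IV and plaintext are constructed sample values, not real secrets.

// True when $version falls inside the ranges the advisory lists as affected.
function version_in_affected_range(string $version): bool
{
    $fixed = ['7.2' => '7.2.34', '7.3' => '7.3.23', '7.4' => '7.4.11'];
    if (!preg_match('/^(\d+\.\d+)\./', $version, $m) || !isset($fixed[$m[1]])) {
        return false; // branch is not listed in this advisory
    }
    return version_compare($version, $fixed[$m[1]], '<');
}

// Behavioural check: if only the first 7 IV bytes are used, encrypting with
// a 12-byte IV gives the same ciphertext and tag as encrypting with just
// its 7-byte prefix. A correct runtime produces different output.
function ccm_truncates_12_byte_iv(): bool
{
    $key       = str_repeat("\x11", 16);   // constructed 128-bit key
    $iv12      = 'ABCDEFGHIJKL';           // constructed 12-byte IV
    $iv7       = substr($iv12, 0, 7);      // its first 7 bytes
    $plaintext = 'constructed test message';

    $tag12 = $tag7 = '';
    $ct12 = openssl_encrypt($plaintext, 'aes-128-ccm', $key,
                            OPENSSL_RAW_DATA, $iv12, $tag12);
    $ct7  = openssl_encrypt($plaintext, 'aes-128-ccm', $key,
                            OPENSSL_RAW_DATA, $iv7, $tag7);
    if ($ct12 === false || $ct7 === false) {
        throw new RuntimeException('AES-128-CCM is not available in this build');
    }
    return $ct12 === $ct7 && $tag12 === $tag7;
}

printf(
    "PHP %s: version in affected range: %s, 12-byte IV truncated: %s\n",
    PHP_VERSION,
    version_in_affected_range(PHP_VERSION) ? 'yes' : 'no',
    ccm_truncates_12_byte_iv() ? 'yes' : 'no'
);
```

Where the two results disagree, for instance on a distribution package that carries the fix without a new version number, the behavioural check reflects what the runtime actually does.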
Affected products: 1
Patches
No patches discovered yet.
References
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202012-16 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/4583-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2021/dsa-4856 (mitre, vendor-advisory, x_refsource_DEBIAN)
- bugs.php.net/bug.php (mitre, x_refsource_MISC)
- security.netapp.com/advisory/ntap-20201016-0001/ (mitre, x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpuApr2021.html (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuoct2021.html (mitre, x_refsource_MISC)
- www.tenable.com/security/tns-2021-14 (mitre, x_refsource_CONFIRM)