netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-04T21:13:33.656Z

Updated: 2024-08-06T18:58:19.539Z

Reserved: 2024-05-20T21:07:48.189Z

Link: CVE-2024-36121

cve-icon Vulnrichment

Updated: 2024-08-02T03:30:12.965Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-04T22:15:10.490

Modified: 2024-06-11T16:52:25.983

Link: CVE-2024-36121

cve-icon Redhat

No data.