netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine to allow an attacker to cause the sequence number to overflow and thus the nonce to repeat.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-04T21:13:33.656Z
Updated: 2024-08-06T18:58:19.539Z
Reserved: 2024-05-20T21:07:48.189Z
Link: CVE-2024-36121
Vulnrichment
Updated: 2024-08-02T03:30:12.965Z
NVD
Status: Analyzed
Published: 2024-06-04T22:15:10.490
Modified: 2024-06-11T16:52:25.983
Link: CVE-2024-36121
Redhat
No data.