Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <1478131133.3496639.775671145.5782B090@webmail.messagingengine.com>
Date: Wed, 02 Nov 2016 16:58:53 -0700
From: Cedric Staub <css@....bio>
To: oss-security@...ts.openwall.com
Subject: CVE request: multiple issues in go-jose package

Hello,

I'd like to request CVE numbers for three issues in go-jose
(https://github.com/square/go-jose):


1. Invalid curve attack for ECDH-ES algorithm

When deriving a shared key using ECDH-ES for an encrypted message, go-
jose neglected to check that the received public key on a message is on
the same curve as the static private key of the receiver, thus making it
vulnerable to an invalid curve attack.

Upstream patch:
https://github.com/square/go-jose/commit/c7581939a3656bb65e89d64da0a52364a33d2507


2. Exploiting multiple signatures

The go-jose library supports messages with multiple signatures. However,
when validating a signed message the API did not indicate which
signature was valid, which could potentially lead to confusion. For
example, users of the library might mistakenly read protected header
values from an attached signature that was different from the one
originally validated.

Upstream patch:
https://github.com/square/go-jose/commit/2c5656adca9909843c4ff50acf1d2cf8f32da7e6


3. CBC-HMAC integer overflow on 32-bit architectures

An integer overflow could lead to authentication bypass for CBC-HMAC
encrypted ciphertexts on 32-bit architectures.

Upstream patch:
https://github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96


All of the above issues were reported by Quan Nguyen from Google's
Information Security Engineering Team.
 
Thanks,
Cedric

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.