
CVE-2023-23300: Toybox.Cryptography.Cipher

The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device’s firmware.

CVE
#buffer_overflow


Instance Method Summary

  • decrypt(ciphertext as Lang.ByteArray) as Lang.ByteArray

    Decrypt data with the key, depending on how the cipher was initialized.

  • encrypt(plaintext as Lang.ByteArray) as Lang.ByteArray

    Encrypt data with the key, depending on how the cipher was initialized.

  • initialize(options as { :algorithm as Cryptography.CipherAlgorithm, :mode as Cryptography.EncryptionMode, :key as Lang.ByteArray, :iv as Lang.ByteArray })

    Constructor.

Instance Method Details

**decrypt(ciphertext as Lang.ByteArray) as Lang.ByteArray**

Decrypt data with the key, depending on how the cipher was initialized.

Decryption can be broken up into two or more calls to decrypt(). For MODE_CBC, the ciphertext length (in bytes) must be a multiple of the block size.

**encrypt(plaintext as Lang.ByteArray) as Lang.ByteArray**

Encrypt data with the key, depending on how the cipher was initialized.

Encryption can be broken up into two or more calls to encrypt(). For MODE_CBC, the plaintext length (in bytes) must be a multiple of the block size.

Generated May 23, 2023 10:32:06 AM
