GHSA-r2jw-c95q-rj29
GitHub Security Advisory
cocoon Reuses a Nonce, Key Pair in Encryption
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object.
**Note:**
The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.
Affected Packages
crates.io
cocoon
Affected versions:
0
(fixed in 0.4.0)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: June 15, 2025 6:24 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.