Loading HuntDB...

GHSA-r2jw-c95q-rj29

GitHub Security Advisory

cocoon Reuses a Nonce, Key Pair in Encryption

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object.

**Note:**
The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.

Affected Packages

crates.io cocoon
Affected versions: 0 (fixed in 0.4.0)

Related CVEs

Key Information

GHSA ID
GHSA-r2jw-c95q-rj29
Published
October 2, 2024 6:30 AM
Last Modified
October 2, 2024 5:57 PM
CVSS Score
5.0 /10
Primary Ecosystem
crates.io
Primary Package
cocoon
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.