logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

GHSA-6878-6wc2-pf5h cocoon

Package

Manager: cargo
Name: cocoon
Vulnerable Version: >=0 <0.4.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse **Problem**: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects `MiniCocoon` and `Cocoon` objects with custom seeds and RNGs (where `StdRng` is used under the hood). **Note**: The issue does **NOT** affect objects created with **`Cocoon::new`** which utilizes `ThreadRng`. **Cause**: `StdRng` produces the same nonce because `StdRng::clone` resets its state. **Measure**: Make encryption API mutable (`encrypt`, `wrap`, and `dump`). **Workaround**: Create a new cocoon object with a new **seed** per each encryption. ## How to Reproduce ```rust let cocoon = MiniCocoon::from_password(b"password", &[1; 32]); let mut data1 = "my secret data".to_owned().into_bytes(); let _ = cocoon.encrypt(&mut data1)?; let mut data2 = "my secret data".to_owned().into_bytes(); let _ = cocoon.encrypt(&mut data2)?; // data1: [23, 217, 251, 151, 179, 62, 85, 15, 253, 92, 192, 112, 200, 52] // data2: [23, 217, 251, 151, 179, 62, 85, 15, 253, 92, 192, 112, 200, 52] ``` ## Workaround For `cocoon <= 0.3.3`, create a new cocoon with a different **seed** per each `encrypt`/`wrap`/`dump` call. ```rust let cocoon = MiniCocoon::from_password(b"password", &[1; 32]); let mut data1 = "my secret data".to_owned().into_bytes(); let _ = cocoon.encrypt(&mut data1)?; // Another seed: &[2; 32]. let cocoon = MiniCocoon::from_password(b"password", &[2; 32]); let mut data2 = "my secret data".to_owned().into_bytes(); let _ = cocoon.encrypt(&mut data2)?; // data1: [23, 217, 251, 151, 179, 62, 85, 15, 253, 92, 192, 112, 200, 52] // data2: [53, 223, 209, 96, 130, 99, 209, 108, 83, 189, 123, 81, 19, 1] ```

Metadata

Created: 2023-10-24T19:22:26Z
Modified: 2023-10-24T19:22:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-6878-6wc2-pf5h/GHSA-6878-6wc2-pf5h.json
CWE IDs: []
Alternative ID: N/A
Finding: F034
Auto approve: 1