CVE-2018-1000159 tlslite-ng

Package

Manager: pip
Name: tlslite-ng
Vulnerable Version: >=0 <0.7.4

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00161 (percentile 0.37556)

Details

tlslite-ng has an off-by-one error in MAC checking. tlslite-ng version 0.7.3 and earlier, since commit [d7b288316bca7bcdd082e6ccff5491e241305233](https://github.com/tlsfuzzer/tlslite-ng/commit/d7b288316bca7bcdd082e6ccff5491e241305233), contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in its TLS implementation, in `tlslite/utils/constanttime.py`: `ct_check_cbc_mac_and_pad()`, at the line `end_pos = data_len - 1 - mac.digest_size`. As a result, an attacker can manipulate the TLS ciphertext without the receiving tlslite-ng detecting it. This attack appears to be exploitable via man in the middle on a network connection. This vulnerability appears to have been fixed after commit [3674815d1b0f7484454995e2737a352e0a6a93d8](https://github.com/tlsfuzzer/tlslite-ng/pull/234/commits/3674815d1b0f7484454995e2737a352e0a6a93d8).

Metadata

Created: 2018-07-12T20:30:44Z
Modified: 2024-11-13T22:51:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-cwh5-3cw7-4286/GHSA-cwh5-3cw7-4286.json
CWE IDs: ["CWE-354"]
Alternative ID: GHSA-cwh5-3cw7-4286
Finding: F086
Auto approve: 1