脆弱性情報
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Cesanta Mongoose GCM Authentication Tag tls_aes128.c mg_aes_gcm_decrypt signature verification
脆弱性説明
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.21 is capable of addressing this issue. It is advisable to upgrade the affected component. VulDB has contacted the vendor early and they confirmed quickly, that this issue got fixed already.
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
脆弱性タイプ
密码学签名的验证不恰当
脆弱性タイトル
Cesanta Mongoose 数据伪造问题漏洞
脆弱性説明
Cesanta Mongoose是爱尔兰Cesanta公司的一套嵌入式服务器库,它包括TCP、HTTP客户端和服务器、WenSocket客户端和服务器等功能。 Cesanta Mongoose 7.20及之前版本存在数据伪造问题漏洞,该漏洞源于组件GCM Authentication Tag Handler中文件/src/tls_aes128.c的函数mg_aes_gcm_decrypt对加密签名验证不当,可能导致远程攻击。
CVSS情報
N/A
脆弱性タイプ
N/A