Vulnerability: Out-of-Bounds Read in CHACHA20-POLY1305 Implementation in NSS

Vulnerability: Out-of-Bounds Read in CHACHA20-POLY1305 Implementation in NSS

CVE-2020-12403 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

Learn more about our Web Application Penetration Testing UK.