cvelistv5 - cve-2020-8929

CVE-2020-8929 (GCVE-0-2020-8929)

Vulnerability from cvelistv5 – Published: 2020-10-19 12:15 – Updated: 2024-08-04 10:12

Summary

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-176 - Improper Handling of Unicode Encoding

Assigner

Google

References

URL

Tags

	https://github.com/google/tink/commit/93d839a5865…	x_refsource_CONFIRM
	https://github.com/google/tink/security/advisorie…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Google LLC	Tink	Affected: stable , < 1.5 (custom)

Credits

Peter Esbensen

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:12:11.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Java"
          ],
          "product": "Tink",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThan": "1.5",
              "status": "affected",
              "version": "stable",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Peter Esbensen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-176",
              "description": "CWE-176 Improper Handling of Unicode Encoding",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-19T12:15:16",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Ciphertext integrity weakness in Tink",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2020-8929",
          "STATE": "PUBLIC",
          "TITLE": "Ciphertext integrity weakness in Tink"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Tink",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Java",
                            "version_affected": "\u003c",
                            "version_name": "stable",
                            "version_value": "1.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Peter Esbensen"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-176 Improper Handling of Unicode Encoding"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899",
              "refsource": "CONFIRM",
              "url": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899"
            },
            {
              "name": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r",
              "refsource": "CONFIRM",
              "url": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2020-8929",
    "datePublished": "2020-10-19T12:15:16",
    "dateReserved": "2020-02-12T00:00:00",
    "dateUpdated": "2024-08-04T10:12:11.052Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tink:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.5\", \"matchCriteriaId\": \"72E3E34A-E2CF-43CE-9D67-0E6ED1BC4EE3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.\"}, {\"lang\": \"es\", \"value\": \"Un manejo inapropiado de caracteres Unicode no v\\u00e1lidos en la implementaci\\u00f3n de Java Tink versiones anteriores a 1.5, permite a un atacante cambiar la parte del ID de un texto cifrado, lo que resulta en la creaci\\u00f3n de un segundo texto cifrado que puede descifrarse en el mismo texto plano.\u0026#xa0;Esto puede ser un problema con el cifrado AEAD determinista con una sola clave y depender de un \\u00fanico texto cifrado por texto plano\"}]",
      "id": "CVE-2020-8929",
      "lastModified": "2024-11-21T05:39:41.533",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@google.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-10-19T13:15:13.437",
      "references": "[{\"url\": \"https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899\", \"source\": \"cve-coordination@google.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r\", \"source\": \"cve-coordination@google.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve-coordination@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve-coordination@google.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-176\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-8929\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2020-10-19T13:15:13.437\",\"lastModified\":\"2025-06-05T14:50:15.710\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.\"},{\"lang\":\"es\",\"value\":\"Un manejo inapropiado de caracteres Unicode no v\u00e1lidos en la implementaci\u00f3n de Java Tink versiones anteriores a 1.5, permite a un atacante cambiar la parte del ID de un texto cifrado, lo que resulta en la creaci\u00f3n de un segundo texto cifrado que puede descifrarse en el mismo texto plano.\u0026#xa0;Esto puede ser un problema con el cifrado AEAD determinista con una sola clave y depender de un \u00fanico texto cifrado por texto plano\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-176\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tink_java:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.5.0\",\"matchCriteriaId\":\"79CF433A-2538-413E-B3A7-B07C4D2B9BDA\"}]}]}],\"references\":[{\"url\":\"https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2020-57870

Vulnerability from cnvd - Published: 2020-10-22

Title

Google Tink数据伪造问题漏洞

Description

Tink是美国谷歌（Google）的一个多语言跨平台的提供加密API的一个开发库。 Tink 1.5之前版本存在安全漏洞，该漏洞源于对无效unicode字符的错误处理，攻击者可利用该漏洞更改密文的ID部分，这将导致创建第二个密文，该密文可以解密为相同的明文，这可能是使用单个密钥加密确定性AEAD时的一个问题，并且依赖于每明文唯一的密文。

Severity

中

Patch Name

Google Tink数据伪造问题漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-8929

Impacted products

Name
Google Google Tink <1.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8929",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-8929"
    }
  },
  "description": "Tink\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u7684\u4e00\u4e2a\u591a\u8bed\u8a00\u8de8\u5e73\u53f0\u7684\u63d0\u4f9b\u52a0\u5bc6API\u7684\u4e00\u4e2a\u5f00\u53d1\u5e93\u3002\n\nTink 1.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u65e0\u6548unicode\u5b57\u7b26\u7684\u9519\u8bef\u5904\u7406\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u5bc6\u6587\u7684ID\u90e8\u5206\uff0c\u8fd9\u5c06\u5bfc\u81f4\u521b\u5efa\u7b2c\u4e8c\u4e2a\u5bc6\u6587\uff0c\u8be5\u5bc6\u6587\u53ef\u4ee5\u89e3\u5bc6\u4e3a\u76f8\u540c\u7684\u660e\u6587\uff0c\u8fd9\u53ef\u80fd\u662f\u4f7f\u7528\u5355\u4e2a\u5bc6\u94a5\u52a0\u5bc6\u786e\u5b9a\u6027AEAD\u65f6\u7684\u4e00\u4e2a\u95ee\u9898\uff0c\u5e76\u4e14\u4f9d\u8d56\u4e8e\u6bcf\u660e\u6587\u552f\u4e00\u7684\u5bc6\u6587\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-57870",
  "openTime": "2020-10-22",
  "patchDescription": "Tink\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u7684\u4e00\u4e2a\u591a\u8bed\u8a00\u8de8\u5e73\u53f0\u7684\u63d0\u4f9b\u52a0\u5bc6API\u7684\u4e00\u4e2a\u5f00\u53d1\u5e93\u3002\r\n\r\nTink 1.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u65e0\u6548unicode\u5b57\u7b26\u7684\u9519\u8bef\u5904\u7406\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u5bc6\u6587\u7684ID\u90e8\u5206\uff0c\u8fd9\u5c06\u5bfc\u81f4\u521b\u5efa\u7b2c\u4e8c\u4e2a\u5bc6\u6587\uff0c\u8be5\u5bc6\u6587\u53ef\u4ee5\u89e3\u5bc6\u4e3a\u76f8\u540c\u7684\u660e\u6587\uff0c\u8fd9\u53ef\u80fd\u662f\u4f7f\u7528\u5355\u4e2a\u5bc6\u94a5\u52a0\u5bc6\u786e\u5b9a\u6027AEAD\u65f6\u7684\u4e00\u4e2a\u95ee\u9898\uff0c\u5e76\u4e14\u4f9d\u8d56\u4e8e\u6bcf\u660e\u6587\u552f\u4e00\u7684\u5bc6\u6587\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Tink\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Google Tink \u003c1.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-8929",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-20",
  "title": "Google Tink\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e"
}

GHSA-G5VF-V6WF-7W2R

Vulnerability from github – Published: 2020-10-16 00:51 – Updated: 2025-06-05 16:44

Summary

Ciphertext Malleability Issue in Tink Java

Details

Impact

Tink's Java version before 1.5 under some circumstances allowed attackers to change the key ID part of the ciphertext, resulting in the attacker creating a second ciphertext that will decrypt to the same plaintext. This can be a problem in particular in the case of encrypting with a deterministic AEAD with a single key, and relying on the fact that there is only a single valid ciphertext per plaintext.

No loss of confidentiality or loss of plaintext integrity occurs due to this problem, only ciphertext integrity is compromised.

Patches

The issue was fixed in this pull request.

Workarounds

The only workaround is to backport the fixing pull request.

Details

Tink uses the first five bytes of a ciphertext for a version byte and a four byte key ID. Since each key has a well defined prefix, this extends non-malleability properties (but technically not indistinguishability). However, in the Java version this prefix lookup used a hash map indexed by unicode strings instead of the byte array, which means that invalid Unicode characters would be replaced by U+FFFD by the Java API's default behavior. This means several different values for the five bytes would result in the same hash table key, which allows an attacker to exchange one invalid byte sequence for another, creating a mutated ciphertext that still decrypts (to the same plaintext).

Acknowledgements

We'd like to thank Peter Esbensen for finding this issue and raising it internally.

For more information

If you have any questions or comments about this advisory: * Open an issue in Tink

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.google.crypto.tink:tink"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-176",
      "CWE-327"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-10-16T00:49:43Z",
    "nvd_published_at": "2020-10-19T13:15:13Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nTink\u0027s Java version before 1.5 under some circumstances allowed attackers to change the key ID part of the ciphertext, resulting in the attacker creating a second ciphertext that will decrypt to the same plaintext. This can be a problem in particular in the case of encrypting with a deterministic AEAD with a single key, and relying on the fact that there is only a single valid ciphertext per plaintext.\n\nNo loss of confidentiality or loss of plaintext integrity occurs due to this problem, only ciphertext integrity is compromised.\n\n### Patches\nThe issue was fixed in this [pull request](https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899).\n\n### Workarounds\nThe only workaround is to backport the fixing [pull request](https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899).\n\n### Details\nTink uses the first five bytes of a ciphertext for a version byte and a four byte key ID. Since each key has a well defined prefix, this extends non-malleability properties (but technically not indistinguishability). However, in the Java version this prefix lookup used a hash map indexed by unicode strings instead of the byte array, which means that invalid Unicode characters would be [replaced by U+FFFD](https://en.wikipedia.org/wiki/UTF-8#Invalid_sequences_and_error_handling) by the [Java API\u0027s default behavior](https://docs.oracle.com/javase/7/docs/api/java/lang/String.html#String(byte[],%20java.nio.charset.Charset)). This means several different values for the five bytes would result in the same hash table key, which allows an attacker to exchange one invalid byte sequence for another, creating a mutated ciphertext that still decrypts (to the same plaintext).\n\n### Acknowledgements\nWe\u0027d like to thank Peter Esbensen for finding this issue and raising it internally.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Tink](https://github.com/google/tink/issues)",
  "id": "GHSA-g5vf-v6wf-7w2r",
  "modified": "2025-06-05T16:44:52Z",
  "published": "2020-10-16T00:51:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8929"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tink/PYSEC-2020-142.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Ciphertext Malleability Issue in Tink Java"
}

GSD-2020-8929

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-8929

Aliases

CVE-2020-8929

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-8929",
    "description": "A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.",
    "id": "GSD-2020-8929"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-8929"
      ],
      "details": "A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.",
      "id": "GSD-2020-8929",
      "modified": "2023-12-13T01:21:54.365323Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@google.com",
        "ID": "CVE-2020-8929",
        "STATE": "PUBLIC",
        "TITLE": "Ciphertext integrity weakness in Tink"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Tink",
                    "version": {
                      "version_data": [
                        {
                          "platform": "Java",
                          "version_affected": "\u003c",
                          "version_name": "stable",
                          "version_value": "1.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google LLC"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Peter Esbensen"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-176 Improper Handling of Unicode Encoding"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899",
            "refsource": "CONFIRM",
            "url": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899"
          },
          {
            "name": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r",
            "refsource": "CONFIRM",
            "url": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r"
          }
        ]
      },
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.5)",
          "affected_versions": "All versions before 1.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2020-10-29",
          "description": "A mis-handling of invalid unicode characters in the Java implementation of Tink allows an attacker to change the `ID` part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic `AEAD` with a single key, and rely on a unique ciphertext-per-plaintext.",
          "fixed_versions": [
            "1.5.0"
          ],
          "identifier": "CVE-2020-8929",
          "identifiers": [
            "CVE-2020-8929",
            "GHSA-g5vf-v6wf-7w2r"
          ],
          "not_impacted": "All versions starting from 1.5",
          "package_slug": "maven/com.google.crypto.tink/tink",
          "pubdate": "2020-10-19",
          "solution": "Upgrade to version 1.5.0 or above.",
          "title": "Incorrect Calculation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-8929"
          ],
          "uuid": "e68c4a39-06ae-4b0e-99bd-0ebea54a0b4d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:tink:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2020-8929"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r"
            },
            {
              "name": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-10-29T22:16Z",
      "publishedDate": "2020-10-19T13:15Z"
    }
  }
}

FKIE_CVE-2020-8929

Vulnerability from fkie_nvd - Published: 2020-10-19 13:15 - Updated: 2025-06-05 14:50

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
cve-coordination@google.com	https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899	Patch, Third Party Advisory
cve-coordination@google.com	https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	google	tink_java	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:tink_java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CF433A-2538-413E-B3A7-B07C4D2B9BDA",
              "versionEndExcluding": "1.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext."
    },
    {
      "lang": "es",
      "value": "Un manejo inapropiado de caracteres Unicode no v\u00e1lidos en la implementaci\u00f3n de Java Tink versiones anteriores a 1.5, permite a un atacante cambiar la parte del ID de un texto cifrado, lo que resulta en la creaci\u00f3n de un segundo texto cifrado que puede descifrarse en el mismo texto plano.\u0026#xa0;Esto puede ser un problema con el cifrado AEAD determinista con una sola clave y depender de un \u00fanico texto cifrado por texto plano"
    }
  ],
  "id": "CVE-2020-8929",
  "lastModified": "2025-06-05T14:50:15.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cve-coordination@google.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-19T13:15:13.437",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-176"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

PYSEC-2020-142

Vulnerability from pysec - Published: 2020-10-19 13:15 - Updated: 2020-10-29 22:16

Details

Impacted products

Name	purl
tink	pkg:pypi/tink

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tink",
        "purl": "pkg:pypi/tink"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "93d839a5865b9d950dffdc9d0bc99b71280a8899"
            }
          ],
          "repo": "https://github.com/google/tink",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.4.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8929",
    "GHSA-g5vf-v6wf-7w2r"
  ],
  "details": "A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.",
  "id": "PYSEC-2020-142",
  "modified": "2020-10-29T22:16:00Z",
  "published": "2020-10-19T13:15:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r"
    },
    {
      "type": "FIX",
      "url": "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-8929 (GCVE-0-2020-8929)

CNVD-2020-57870

GHSA-G5VF-V6WF-7W2R

Impact

Patches

Workarounds

Details

Acknowledgements

For more information

GSD-2020-8929

FKIE_CVE-2020-8929

PYSEC-2020-142

Tags

Sightings

Nomenclature