Netty OHTTP seq num overflow causes nonce reuse
CVE-2024-36121 Published on June 4, 2024

netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces
netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat.

Github Repository NVD

Vulnerability Analysis

CVE-2024-36121 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Types

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2024-36121 has been classified to as an Information Disclosure vulnerability or weakness.

Integer Overflow or Wraparound

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.

Reusing a Nonce, Key Pair in Encryption

Nonces should be used for the present occasion and only once.


Products Associated with CVE-2024-36121

Want to know whenever a new CVE is published for Netty Incubator Codec Ohttp? stack.watch will email you.

Netty Incubator Codec Ohttp
 

Affected Versions

netty-incubator-codec-ohttp Version >= 0.0.3.Final, < 0.0.11.Final is affected by CVE-2024-36121

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-36121

Package Manager Vulnerable Package Versions Fixed In
maven io.netty.incubator:netty-incubator-codec-ohttp >= 0.0.3.Final, < 0.0.11.Final 0.0.11.Final

Exploit Probability

EPSS
0.40%
Percentile
61.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.