CMAC + SERPENT/IDEA/RC2 buffer overflow/crash with oversized key

Werner Koch wk at gnupg.org
Sun Apr 4 19:15:01 CEST 2021


On Fri,  2 Apr 2021 22:51, Guido Vranken said:

> With that said, exploitation might be possible in specific circumstances.

... and it would be much easier to attack the application than
Libgcrypt.  An application which does not take care from where it gets
the key has for sure a lot of other problems.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20210404/c27047e6/attachment.sig>


More information about the Gcrypt-devel mailing list