Skip to content

Unauthenticated Nonce Increment in snow

Moderate severity GitHub Reviewed Published Jan 24, 2024 in mcginty/snow • Updated Feb 9, 2024

Package

cargo snow (Rust)

Affected versions

< 0.9.5

Patched versions

0.9.5

Description

Impact

There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with the ability to inject packets into the channel Noise is talking over, this allows a denial-of-service type attack which could prevent communication as it causes the sending and receiving side to be expecting different nonce values than would arrive.

Note that this only affects those who are using the stateful TransportState, not those using StatelessTransportState.

Patches

This has been patched in version 0.9.5, and all users are recommended to update.

References

There will be a more formal report of this in the near future.

References

@mcginty mcginty published to mcginty/snow Jan 24, 2024
Published to the GitHub Advisory Database Jan 24, 2024
Reviewed Jan 24, 2024
Last updated Feb 9, 2024

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-7g9j-g5jg-3vv3

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.