Sha256: 58a9594a07de6e73d2b44e194a7e5b17ab25cc5262e63200590d15d077ebb252

Contents?: true

Size: 413 Bytes

Versions: 5

Compression:

Stored size: 413 Bytes

Contents

---
gem: aescrypt
cve: 2013-7463
date: 2013-10-01
url: https://github.com/Gurpartap/aescrypt/issues/4
title: Vulnerability in aescrypt because IV is not randomized
description: |
  The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the
  AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to
  defeat cryptographic protection mechanisms via a chosen plaintext attack.

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/aescrypt/CVE-2013-7463.yml