CVE-2023-26084

3.7LOW

Key Information

Vendor: Arm
Status: Aarch64cryptolib
Vendor: CVE Published:; 15 March 2023

Summary

The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 15, 2023
Vulnerability Reserved.
Feb 20, 2023

Collectors

NVD DatabaseMitre Database