Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:google:tink:1.2.0:rc3:*:*:*:*:*:*
  • CPE Name Search: true
There are 1 matching records.
Displaying matches 1 through 1.
Vuln ID Summary CVSS Severity
CVE-2020-8929

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.

Published: October 19, 2020; 9:15:13 AM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM