CVE-2020-8929: Ciphertext Malleability Issue in Tink Java

October 16, 2020 (updated November 13, 2024)

Tink’s Java version before 1.5 under some circumstances allowed attackers to change the key ID part of the ciphertext, resulting in the attacker creating a second ciphertext that will decrypt to the same plaintext. This can be a problem in particular in the case of encrypting with a deterministic AEAD with a single key, and relying on the fact that there is only a single valid ciphertext per plaintext.

No loss of confidentiality or loss of plaintext integrity occurs due to this problem, only ciphertext integrity is compromised.

References

github.com/advisories/GHSA-g5vf-v6wf-7w2r
github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899
github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r
github.com/pypa/advisory-database/tree/main/vulns/tink/PYSEC-2020-142.yaml
nvd.nist.gov/vuln/detail/CVE-2020-8929

Code Behaviors & Features

Detect and mitigate CVE-2020-8929 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →