CVE-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV

2020-10-0214:14:45

CWE-20

php

www.cve.org

cve-2020-7069

wrong ciphertext

aes-ccm encryption

php 7.2.x

php 7.3.x

php 7.4.x

iv length

openssl_encrypt()

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

61.5%

JSON

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

CNA Affected

[
  {
    "product": "PHP",
    "vendor": "PHP Group",
    "versions": [
      {
        "lessThan": "7.3.23",
        "status": "affected",
        "version": "7.3.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.4.11",
        "status": "affected",
        "version": "7.4.x",
        "versionType": "custom"
      },
      {
        "lessThan": "7.2.34",
        "status": "affected",
        "version": "7.2.x",
        "versionType": "custom"
      }
    ]
  }
]