Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical.
This is an out-of-bounds read, i.e. not memory corruption, but it can still segfault the application. Here is the interesting part:
This issue was reported on 21st September 2023 by Tony Battersby of Cybernetics. The fix was developed by Dr Paul Dale. This problem was independently reported on the 3rd of December 2022 as part of issue #19822, but it was not recognised as a security vulnerability at that time.
In other words: it is exactly what I have been denouncing in my talks for years. People now only fix things that they identify as a security problem. All other bugs stay open, unfixed.