GHSA-6878-6wc2-pf5h: Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse

October 24, 2023

Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs (where StdRng is used under the hood).

Note: The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.

Cause: StdRng produces the same nonce because StdRng::clone resets its state.

Measure: Make encryption API mutable (encrypt, wrap, and dump).

Workaround: Create a new cocoon object with a new seed per each encryption.

References

github.com/advisories/GHSA-6878-6wc2-pf5h
github.com/fadeevab/cocoon/commit
github.com/fadeevab/cocoon/commit/1b6392173ce35db4736a94b62b2d2973f9a71441
github.com/fadeevab/cocoon/issues/22
rustsec.org/advisories/RUSTSEC-2023-0068.html

Detect and mitigate GHSA-6878-6wc2-pf5h with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →