Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3620748 by misop00p
Component: pkg/plugin/plugin.go:179 Affected Version: aws-encryption-provider @ 4341c70 (all versions) Found by: Fuzz testing (FuzzV1Decrypt, seed#0: empty []byte{})
V1Plugin.Decrypt() accesses request.Cipher[0] without checking that the slice is non-empty. Sending a DecryptRequest with empty or nil Cipher field causes an unrecoverable index out of range panic that crashes the entire gRPC server process.
No comments yet.
Be the first to share your thoughts
Log in to join the discussion.
Sign In