Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3620753 by misop00p
Component: pkg/plugin/plugin_v2.go:182 Affected Version: aws-encryption-provider @ 4341c70 (all versions) Found by: Fuzz testing (FuzzV2Decrypt, seed#0: empty []byte{}) TLP: TLP:Amber
V2Plugin.Decrypt() accesses request.Ciphertext[0] without checking that the slice is non-empty. Same root cause as BUG-001 but in the V2 (KMS v2) API path. Crashes the entire gRPC server process.
No comments yet.
Be the first to share your thoughts
Log in to join the discussion.
Sign In