5.9

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JhuCharm Version0.43
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.502
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://eprint.iacr.org/2020/460
Third Party Advisory
https://github.com/JHUISI/charm/issues/276
Third Party Advisory
Issue Tracking
https://www2.hci.uni-hannover.de/papers/Tan2019.pdf
Third Party Advisory
Technical Description