CVE-2021-4239 - Vulnerability Details - OpenCVE

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Noiseprotocol	Noise

Configuration 1 [-]

cpe:2.3:a:noiseprotocol:noise:-:*:*:*:*:go:*:*

No data.

References

Link	Providers
https://github.com/flynn/noise/pull/44
https://pkg.go.dev/vuln/GO-2022-0425

History

Mon, 14 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2022-12-27T21:13:53.590Z

Updated: 2025-04-14T16:59:43.688Z

Reserved: 2022-07-29T20:06:51.345Z

Link: CVE-2021-4239

Vulnrichment

Updated: 2024-08-03T17:23:10.118Z

NVD

Status : Modified

Published: 2022-12-27T22:15:12.123

Modified: 2025-04-14T17:15:24.963

Link: CVE-2021-4239

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-4239", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2022-07-29T20:06:51.345Z", "datePublished": "2022-12-27T21:13:53.590Z", "dateUpdated": "2025-04-14T16:59:43.688Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-06-12T19:04:19.549Z"}, "title": "Weak encryption and denial of service in github.com/flynn/noise", "descriptions": [{"lang": "en", "value": "The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages."}], "affected": [{"vendor": "github.com/flynn/noise", "product": "github.com/flynn/noise", "collectionURL": "https://pkg.go.dev", "packageName": "github.com/flynn/noise", "versions": [{"version": "0", "lessThan": "1.0.0", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "CipherState.Encrypt"}, {"name": "CipherState.Decrypt"}, {"name": "symmetricState.EncryptAndHash"}, {"name": "HandshakeState.ReadMessage"}, {"name": "HandshakeState.WriteMessage"}, {"name": "symmetricState.DecryptAndHash"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE 400: Uncontrolled Resource Consumption"}]}], "references": [{"url": "https://github.com/flynn/noise/pull/44"}, {"url": "https://pkg.go.dev/vuln/GO-2022-0425"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.118Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/flynn/noise/pull/44", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2022-0425", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T16:59:11.062582Z", "id": "CVE-2021-4239", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T16:59:43.688Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/flynn/noise/pull/44", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2022-0425", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.118Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-4239", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T16:59:11.062582Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T16:59:32.684Z"}}], "cna": {"title": "Weak encryption and denial of service in github.com/flynn/noise", "affected": [{"vendor": "github.com/flynn/noise", "product": "github.com/flynn/noise", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.0", "versionType": "semver"}], "packageName": "github.com/flynn/noise", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "CipherState.Encrypt"}, {"name": "CipherState.Decrypt"}, {"name": "symmetricState.EncryptAndHash"}, {"name": "HandshakeState.ReadMessage"}, {"name": "HandshakeState.WriteMessage"}, {"name": "symmetricState.DecryptAndHash"}]}], "references": [{"url": "https://github.com/flynn/noise/pull/44"}, {"url": "https://pkg.go.dev/vuln/GO-2022-0425"}], "descriptions": [{"lang": "en", "value": "The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE 400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-06-12T19:04:19.549Z"}}}, "cveMetadata": {"cveId": "CVE-2021-4239", "state": "PUBLISHED", "dateUpdated": "2025-04-14T16:59:43.688Z", "dateReserved": "2022-07-29T20:06:51.345Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2022-12-27T21:13:53.590Z", "assignerShortName": "Go"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:noiseprotocol:noise:-:*:*:*:*:go:*:*", "matchCriteriaId": "09D5D86A-ADA9-4223-B806-D248CD55F94A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages."}, {"lang": "es", "value": "La implementaci\u00f3n del protocolo Noise sufre de seguridad criptogr\u00e1fica debilitada despu\u00e9s de cifrar 2^64 mensajes y un posible ataque de denegaci\u00f3n de servicio. Despu\u00e9s de cifrar 2^64 (~18,4 quintillones) de mensajes con la funci\u00f3n Encrypt , el contador nonce se ajustar\u00e1, lo que provocar\u00e1 que se cifren varios mensajes con la misma clave y nonce. En un tema aparte, la funci\u00f3n Decrypt incrementa el estado nonce incluso cuando no logra descifrar un mensaje. Si un atacante puede proporcionar una entrada no v\u00e1lida a la funci\u00f3n Decrypt, esto har\u00e1 que el estado nonce se desincronice entre los pares, lo que resultar\u00e1 en un fallo al cifrar todos los mensajes posteriores."}], "id": "CVE-2021-4239", "lastModified": "2025-04-14T17:15:24.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-27T22:15:12.123", "references": [{"source": "security@golang.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/flynn/noise/pull/44"}, {"source": "security@golang.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2022-0425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/flynn/noise/pull/44"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2022-0425"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}]}