Comment by woodruffw

6 hours ago

Services that process CMS[1] or PKCS#7 envelopes may be vulnerable to this bug. The most common example of these is S/MIME (for signed/encrypted email), but PKCS#7 and CMS show up in all kinds of random places.

(Unless I'm missing something, a key piece of context here is that CMS/PKCS#7 blobs are typically allowed to select their own algorithms, at least within an allowlist controlled by the receiving party. So the fact that it depends on an AEAD-specific parameter encoding is probably not a huge hurdle for someone looking to exploit this.)

[1]: https://datatracker.ietf.org/doc/html/rfc5652

[2]: https://datatracker.ietf.org/doc/html/rfc2315
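As an added example, not part of woodruffw's comment or of any library: a receiver-side check that decodes only the algorithm OID of the `contentEncryptionAlgorithm` AlgorithmIdentifier in a CMS/PKCS#7 EnvelopedData and enforces the receiver's allowlist before any algorithm-specific parameters (such as RFC 5084 GCMParameters) are parsed. The allowlist contents and the two DER test vectors are constructed for illustration.

```python
# Added example: receiver-side allowlist on the sender-chosen content encryption
# algorithm. Minimal DER decoding only; vectors below are constructed, not captured.

def _read_tlv(buf: bytes, pos: int):
    """Read one DER TLV at pos; return (tag, value bytes, position after the TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data: bytes) -> str:
    """Decode OBJECT IDENTIFIER contents to dotted form."""
    first = data[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    val = 0
    for b in data[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_algorithm_identifier(der: bytes):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }.
    Returns (dotted OID, raw parameter bytes); parameters are left undecoded."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    oid_tag, oid_bytes, pos = _read_tlv(body, 0)
    if oid_tag != 0x06:
        raise ValueError("algorithm field is not an OID")
    return decode_oid(oid_bytes), body[pos:]

# Receiver-controlled allowlist (constructed): RFC 3565 AES-CBC OIDs only, no AEAD suites.
ALLOWED_CONTENT_CIPHERS = {
    "2.16.840.1.101.3.4.1.2": "aes128-CBC",
    "2.16.840.1.101.3.4.1.42": "aes256-CBC",
}

def select_content_cipher(der: bytes, allowed=ALLOWED_CONTENT_CIPHERS):
    """Reject the sender's algorithm by OID *before* any parameter decoding runs."""
    oid, params = parse_algorithm_identifier(der)
    if oid not in allowed:
        raise ValueError(f"content encryption algorithm {oid} not in allowlist")
    return allowed[oid], params

# Constructed vectors: aes128-CBC with a 16-byte IV, and aes128-GCM (2.16.840.1.101.3.4.1.6)
# carrying GCMParameters { aes-nonce OCTET STRING (12 bytes), aes-ICVlen INTEGER 16 }.
AES128_CBC_ALGID = bytes.fromhex("301d0609608648016503040102") + b"\x04\x10" + bytes(16)
AES128_GCM_ALGID = bytes.fromhex("301e06096086480165030401063011040c") + bytes(12) + b"\x02\x01\x10"
```

With this ordering the GCM blob is refused on its OID alone, so its GCMParameters encoding is never handed to a parameter parser.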