CVE-2020-25023

9.8 CRITICAL

📋 TL;DR

This vulnerability in Noise-Java allows out-of-bounds memory access in the AESGCMOnCtrCipherState.encryptWithAd() function due to insufficient boundary checks. Attackers could potentially read or write beyond allocated memory boundaries, leading to information disclosure or remote code execution. Any application using affected versions of Noise-Java for cryptographic operations is vulnerable.
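The boundary validation an encryptWithAd-style method has to perform before it reads or writes its buffers, as an added example (this is not Noise-Java's code and not the fix commit). The class name, method signatures, the use of javax.crypto for AES-GCM and all input values are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; class and method names are hypothetical, not Noise-Java code.
public class BoundedAeadExample {
    static final int TAG_LEN = 16; // AES-GCM authentication tag size in bytes

    // Validate every offset and length before any byte is read or written.
    static void checkBounds(byte[] pt, int ptOff, byte[] ct, int ctOff, int len)
            throws ShortBufferException {
        if (len < 0 || ptOff < 0 || ctOff < 0)
            throw new IllegalArgumentException("negative offset or length");
        // Subtract instead of adding: ptOff + len can overflow int and wrap negative.
        if (ptOff > pt.length || len > pt.length - ptOff)
            throw new IllegalArgumentException("plaintext range outside buffer");
        if (ctOff > ct.length)
            throw new IllegalArgumentException("ciphertext offset outside buffer");
        int space = ct.length - ctOff;
        if (space < TAG_LEN || len > space - TAG_LEN)
            throw new ShortBufferException("no room for ciphertext plus tag");
    }

    // Encrypts pt[ptOff .. ptOff+len) into ct at ctOff; returns bytes written.
    static int encryptWithAd(byte[] key, byte[] iv, byte[] ad, byte[] pt, int ptOff,
                             byte[] ct, int ctOff, int len) throws Exception {
        checkBounds(pt, ptOff, ct, ctOff, len);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(TAG_LEN * 8, iv));
        if (ad != null) c.updateAAD(ad);
        return c.doFinal(pt, ptOff, len, ct, ctOff); // len + TAG_LEN bytes
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16], iv = new byte[12]; // constructed all-zero demo values
        byte[] pt = {1, 2, 3, 4, 5};                  // constructed sample plaintext
        byte[] ct = new byte[pt.length + TAG_LEN];
        System.out.println("wrote " + encryptWithAd(key, iv, null, pt, 0, ct, 0, pt.length));
        try { // output buffer with no room for the tag
            encryptWithAd(key, iv, null, pt, 0, new byte[pt.length], 0, pt.length);
        } catch (ShortBufferException e) { System.out.println("rejected: " + e.getMessage()); }
        try { // length chosen so that a naive ptOff + len check would overflow
            encryptWithAd(key, iv, null, pt, 3, ct, 0, Integer.MAX_VALUE);
        } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```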

💻 Affected Systems

Products:
  • Noise-Java
Versions: All versions through 2020-08-27
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using the AESGCMOnCtrCipherState.encryptWithAd() method.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data exfiltration, or service disruption.

🟠 Likely Case

Information disclosure through memory leaks, potential denial of service via application crashes.

🟢 If Mitigated

Limited impact with proper memory protection mechanisms and exploit mitigations in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof-of-concept details are available in public disclosures. Exploitation requires targeting specific application usage patterns.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 18e86b6f8bea7326934109aa9ffa705ebf4bde90 and later

Vendor Advisory: https://github.com/rweather/noise-java/commit/18e86b6f8bea7326934109aa9ffa705ebf4bde90

Restart Required: Yes

Instructions:

1. Update Noise-Java to a version that includes commit 18e86b6f8bea7326934109aa9ffa705ebf4bde90
2. Rebuild and redeploy affected applications
3. Restart services using the library

🔧 Temporary Workarounds

Disable vulnerable encryption method (platform: all)

  • Avoid using the AESGCMOnCtrCipherState.encryptWithAd() method in application code
  • Modify application code to use alternative encryption methods

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy runtime application self-protection (RASP) or WAF with memory protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether the application uses a Noise-Java version dated 2020-08-27 or earlier

Check Version:

Check build.gradle or pom.xml for the noise-java dependency version

Verify Fix Applied:

Verify that the Noise-Java version in use includes commit 18e86b6f8bea7326934109aa9ffa705ebf4bde90

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected out-of-memory errors

Network Indicators:

  • Unusual traffic patterns to/from applications using Noise-Java

SIEM Query:

source="application_logs" AND ("OutOfBounds" OR "MemoryAccessViolation" OR "Noise-Java")
