data/reports: add GO-2022-0635, review GO-2022-0646

tatianab · gopherbot · commit dee8c78be35e · 2024-12-12T14:00:07.000-08:00
Split GO-2022-0646 into 2 reports. (They are different vulnerabilities which we had previously decided to merge - this is in line with our new goal of closely matching the structure of 3rd party reports). Remove the fixed version which is not correct. The vulnerability is present in all of V1. Add a note so we don't re-introduce the mistake. - data/reports/GO-2022-0635.yaml - data/reports/GO-2022-0646.yaml Fixes #635 Fixes #646 Updates #3285 Change-Id: I6a3c4547015a24489f2d62bb9b8fffebd927cef0 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/635736 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2022-0635.json b/data/osv/GO-2022-0635.json
@@ -0,0 +1,80 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2022-0635",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2020-8912",
+    "GHSA-7f33-f4f5-xwgw"
+  ],
+  "summary": "In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go",
+  "details": "A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this in combination with a decryption oracle can reveal the authentication key used by AES-GCM as decrypting the GMAC tag leaves the authentication key recoverable as an algebraic equation. It is recommended to update your SDK to V2 or later, and re-encrypt your files.",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/aws/aws-sdk-go",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/aws/aws-sdk-go/service/s3/s3crypto",
+            "symbols": [
+              "NewDecryptionClient",
+              "NewEncryptionClient"
+            ]
+          }
+        ]
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/google/security-research/security/advisories/GHSA-7f33-f4f5-xwgw"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/aws/aws-sdk-go/pull/3403"
+    },
+    {
+      "type": "WEB",
+      "url": "https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869801"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc"
+    }
+  ],
+  "credits": [
+    {
+      "name": "Sophie Schmieg from the Google ISE team"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2022-0635",
+    "review_status": "REVIEWED"
+  }
+}
diff --git a/data/osv/GO-2022-0646.json b/data/osv/GO-2022-0646.json
@@ -2,15 +2,13 @@
   "schema_version": "1.3.1",
   "id": "GO-2022-0646",
   "modified": "0001-01-01T00:00:00Z",
-  "published": "2022-02-11T23:26:26Z",
+  "published": "0001-01-01T00:00:00Z",
   "aliases": [
     "CVE-2020-8911",
-    "CVE-2020-8912",
-    "GHSA-7f33-f4f5-xwgw",
     "GHSA-f5pg-7wfw-84q9"
   ],
-  "summary": "Use of risky cryptographic algorithm in github.com/aws/aws-sdk-go",
-  "details": "The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker with write access to a bucket to decrypt files in that bucket.\n\nFiles encrypted by the V1 EncryptionClient using either the AES-CBC content cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the V1 EncryptionClientV2 API, which will not create vulnerable files. Old files will remain vulnerable until re-encrypted with the new client.",
+  "summary": "CBC padding oracle issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go",
+  "details": "A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe whether or not an endpoint with access to the key can decrypt a file, they can reconstruct the plaintext with (on average) 128*length (plaintext) queries to the endpoint, by exploiting CBC's ability to manipulate the bytes of the next block and PKCS5 padding errors. It is recommended to update your SDK to V2 or later, and re-encrypt your files.",
   "affected": [
     {
       "package": {
@@ -23,9 +21,6 @@
           "events": [
             {
               "introduced": "0"
-            },
-            {
-              "fixed": "1.34.0"
             }
           ]
         }
@@ -46,15 +41,31 @@
   "references": [
     {
       "type": "ADVISORY",
-      "url": "https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09"
+      "url": "https://github.com/google/security-research/security/advisories/GHSA-f5pg-7wfw-84q9"
     },
     {
       "type": "FIX",
-      "url": "https://github.com/aws/aws-sdk-go/pull/3403"
+      "url": "https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e"
     },
     {
       "type": "FIX",
       "url": "https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/aws/aws-sdk-go/pull/3403"
+    },
+    {
+      "type": "WEB",
+      "url": "https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869800"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc"
     }
   ],
   "credits": [
diff --git a/data/reports/GO-2022-0635.yaml b/data/reports/GO-2022-0635.yaml
@@ -0,0 +1,41 @@
+id: GO-2022-0635
+modules:
+    - module: github.com/aws/aws-sdk-go
+      vulnerable_at: 1.33.21
+      packages:
+        - package: github.com/aws/aws-sdk-go/service/s3/s3crypto
+          symbols:
+            - NewEncryptionClient
+            - NewDecryptionClient
+summary: |-
+    In-band key negotiation issue in AWS S3 Crypto SDK for golang in
+    github.com/aws/aws-sdk-go
+description: |-
+    A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK
+    for GoLang versions prior to V2. An attacker with write access to the targeted
+    bucket can change the encryption algorithm of an object in the bucket, which can
+    then allow them to change AES-GCM to AES-CTR. Using this in combination with a
+    decryption oracle can reveal the authentication key used by AES-GCM as
+    decrypting the GMAC tag leaves the authentication key recoverable as an
+    algebraic equation. It is recommended to update your SDK to V2 or later, and
+    re-encrypt your files.
+cves:
+    - CVE-2020-8912
+ghsas:
+    - GHSA-7f33-f4f5-xwgw
+credits:
+    - Sophie Schmieg from the Google ISE team
+references:
+    - advisory: https://github.com/google/security-research/security/advisories/GHSA-7f33-f4f5-xwgw
+    - fix: https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e
+    - fix: https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4
+    - fix: https://github.com/aws/aws-sdk-go/pull/3403
+    - web: https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09
+    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1869801
+    - web: https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc
+notes:
+    - https://github.com/advisories/GHSA-7f33-f4f5-xwgw mistakenly lists this vulnerability as patched in 1.34.0.
+source:
+    id: GHSA-7f33-f4f5-xwgw
+    created: 2024-12-12T15:16:32.138747-05:00
+review_status: REVIEWED
diff --git a/data/reports/GO-2022-0646.yaml b/data/reports/GO-2022-0646.yaml
@@ -1,34 +1,42 @@
 id: GO-2022-0646
 modules:
     - module: github.com/aws/aws-sdk-go
-      versions:
-        - fixed: 1.34.0
       vulnerable_at: 1.33.21
       packages:
         - package: github.com/aws/aws-sdk-go/service/s3/s3crypto
           symbols:
-            - NewDecryptionClient
             - NewEncryptionClient
-summary: Use of risky cryptographic algorithm in github.com/aws/aws-sdk-go
+            - NewDecryptionClient
+summary: |-
+    CBC padding oracle issue in AWS S3 Crypto SDK for golang in
+    github.com/aws/aws-sdk-go
 description: |-
-    The Go AWS S3 Crypto SDK contains vulnerabilities that can permit an attacker
-    with write access to a bucket to decrypt files in that bucket.
-
-    Files encrypted by the V1 EncryptionClient using either the AES-CBC content
-    cipher or the KMS key wrap algorithm are vulnerable. Users should migrate to the
-    V1 EncryptionClientV2 API, which will not create vulnerable files. Old files
-    will remain vulnerable until re-encrypted with the new client.
-published: 2022-02-11T23:26:26Z
+    A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang
+    versions prior to V2. The SDK allows users to encrypt files with AES-CBC without
+    computing a Message Authentication Code (MAC), which then allows an attacker who
+    has write access to the target's S3 bucket and can observe whether or not an
+    endpoint with access to the key can decrypt a file, they can reconstruct the
+    plaintext with (on average) 128*length (plaintext) queries to the endpoint, by
+    exploiting CBC's ability to manipulate the bytes of the next block and PKCS5
+    padding errors. It is recommended to update your SDK to V2 or later, and
+    re-encrypt your files.
 cves:
     - CVE-2020-8911
-    - CVE-2020-8912
 ghsas:
-    - GHSA-7f33-f4f5-xwgw
     - GHSA-f5pg-7wfw-84q9
 credits:
     - Sophie Schmieg from the Google ISE team
 references:
-    - advisory: https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09
-    - fix: https://github.com/aws/aws-sdk-go/pull/3403
+    - advisory: https://github.com/google/security-research/security/advisories/GHSA-f5pg-7wfw-84q9
+    - fix: https://github.com/aws/aws-sdk-go/commit/1e84382fa1c0086362b5a4b68e068d4f8518d40e
     - fix: https://github.com/aws/aws-sdk-go/commit/ae9b9fd92af132cfd8d879809d8611825ba135f4
+    - fix: https://github.com/aws/aws-sdk-go/pull/3403
+    - web: https://aws.amazon.com/blogs/developer/updates-to-the-amazon-s3-encryption-client/?s=09
+    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1869800
+    - web: https://github.com/sophieschmieg/exploits/tree/master/aws_s3_crypto_poc
+notes:
+    - https://github.com/advisories/GHSA-f5pg-7wfw-84q9 mistakenly lists this vulnerability as patched in 1.34.0.
+source:
+    id: GHSA-f5pg-7wfw-84q9
+    created: 2024-12-12T15:34:22.739805-05:00
 review_status: REVIEWED
