CryptoLib Out-of-Bounds Heap Read Vulnerability in KMC AEAD Encryption

A heap-based out-of-bounds read vulnerability has been identified in the 'cryptography_aead_encrypt()' function of CryptoLib, prior to version 1.4.3. This vulnerability arises from a flawed iteration pattern using 'strtok', which leads to reading past the allocated buffer's end. The issue is similar to a previously reported vulnerability in the 'cryptography_encrypt()' function'

Impact

Exploitation of this vulnerability causes a heap-buffer-overflow, which can lead to memory corruption. In the context of the KMC encryption process, this vulnerability can be exploited by a malicious or compromised KMC server, causing a denial-of-service by crashing the client application.

Reproduction

The vulnerability can be reproduced by using the CryptoLib KMC client to send a request to a mock KMC server. The mock server should be set up to respond with a crafted JSON that triggers the out-of-bounds read when the 'cryptography_aead_encrypt()' function is called. This can be done by returning a base64-encoded string that the function will process, exploiting the 'strtok' iteration to read past the buffer's end.

Remediation

Users should update to CryptoLib version 1.4.3, where this vulnerability has been patched.