CVE-2024-21530

4.5 MEDIUM
Published: October 02, 2024 Modified: April 15, 2026
View on NVD

Description

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/advisories/GHSA-6878-6wc2-pf5h
Source: report@snyk.io
https://github.com/fadeevab/cocoon/commit/1b6392173ce35db4736a94b62b2d2973f9a71441
Source: report@snyk.io
https://github.com/fadeevab/cocoon/issues/22
Source: report@snyk.io
https://rustsec.org/advisories/RUSTSEC-2023-0068.html
Source: report@snyk.io
https://security.snyk.io/vuln/SNYK-RUST-COCOON-6028364
Source: report@snyk.io

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
4.5 / 10.0
EPSS (Exploit Probability)
0.0%
8th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-323

Related CVEs

CVE-2026-41113 8.1
CVE-2026-40308 N/A
CVE-2026-40249 N/A
CVE-2026-40248 N/A
CVE-2026-40247 N/A