Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.
References
Link | Resource |
---|---|
https://briarproject.org/news/2023-three-security-issues-found-and-fixed/ | Vendor Advisory |
https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf | Exploit Technical Description Third Party Advisory |
Configurations
History
01 Jun 2023, 16:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf - Exploit, Technical Description, Third Party Advisory | |
References | (MISC) https://briarproject.org/news/2023-three-security-issues-found-and-fixed/ - Vendor Advisory | |
CWE | CWE-354 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Briarproject
Briarproject briar |
|
CPE | cpe:2.3:a:briarproject:briar:*:*:*:*:*:*:*:* |
Information
Published : 2023-05-24 18:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-33981
Mitre link : CVE-2023-33981
CVE.ORG link : CVE-2023-33981
JSON object : View
Products Affected
briarproject
- briar
CWE
CWE-354
Improper Validation of Integrity Check Value