Streaming AEAD overflow

Affected Versions: Tink version 1.0 - 1.3.x on Java; Tink version 1.0 - 1.3.x on Android; Tink version 1.0 - 1.3.x on Golang
Affected Key Types: AES-GCM-HKDF

Description

Streaming AEAD implementations encrypt the plaintext in segments. Tink uses a 4-byte segment counter. When encrypting a stream consisting of more than 2³² segments, the segment counter might overflow and lead to leakage of key material or plaintext.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2023-07-11 UTC.