PT-2019-16422 · Rust · Chacha20 Crate
Published: 2019-10-22 · Updated: 2021-08-25 · CVE-2019-25005
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
chacha20 crate versions prior to 0.2.3
Description
A ChaCha20 counter overflow issue makes it easier for attackers to determine plaintext. The ChaCha20 stream cipher can produce a maximum of 2^32 blocks before the 32-bit counter overflows. When this limit is exceeded, the keystream is duplicated, leading to failure modes similar to nonce reuse, which can expose the XOR of two plaintexts.
Recommendations
Update to version 0.2.3 or later. Starting with that version, the crate panics when the counter overflow occurs, which prevents the duplicated keystream from being exposed.
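The following added example (not code from the chacha20 crate) models the wrap described above and the checked counter of the fix, using a ChaCha20 block function written from RFC 8439. The names `qr`, `block`, `apply` and `demo` and all inputs are constructed for illustration; the stream is entered at block 2^32 - 1 so the wrap is reached without generating 256 GiB, and the fix is modelled as an error where 0.2.3 panics.

```rust
// Added example, not the chacha20 crate's code. Block function follows RFC 8439.
fn qr(s: &mut [u32; 16], a: usize, b: usize, c: usize, d: usize) {
    s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(16);
    s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(12);
    s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(8);
    s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(7);
}

fn block(key: &[u8; 32], nonce: &[u8; 12], counter: u32) -> [u8; 64] {
    let le = |b: &[u8]| u32::from_le_bytes([b[0], b[1], b[2], b[3]]);
    let mut init = [0u32; 16];
    init[..4].copy_from_slice(&[0x61707865, 0x3320646e, 0x79622d32, 0x6b206574]);
    for i in 0..8 { init[4 + i] = le(&key[4 * i..]); }
    init[12] = counter; // the 32-bit block counter this advisory is about
    for i in 0..3 { init[13 + i] = le(&nonce[4 * i..]); }
    let mut s = init;
    for _ in 0..10 { // 10 double rounds: four column rounds, then four diagonal rounds
        qr(&mut s, 0, 4, 8, 12); qr(&mut s, 1, 5, 9, 13); qr(&mut s, 2, 6, 10, 14); qr(&mut s, 3, 7, 11, 15);
        qr(&mut s, 0, 5, 10, 15); qr(&mut s, 1, 6, 11, 12); qr(&mut s, 2, 7, 8, 13); qr(&mut s, 3, 4, 9, 14);
    }
    std::array::from_fn(|i| s[i / 4].wrapping_add(init[i / 4]).to_le_bytes()[i % 4])
}

// XOR `data` with the keystream starting at block `start`. `checked = false` models the
// silent wrap described above; `checked = true` models the fix (error here, panic in 0.2.3).
fn apply(key: &[u8; 32], nonce: &[u8; 12], start: u32, data: &[u8], checked: bool) -> Result<Vec<u8>, &'static str> {
    let (mut ctr, mut out) = (Some(start), Vec::with_capacity(data.len()));
    for chunk in data.chunks(64) {
        let c = match ctr {
            Some(c) => c,
            None if checked => return Err("ChaCha20 counter overflow"),
            None => 0, // counter wrapped: block 2^32 reuses the keystream of block 0
        };
        out.extend(chunk.iter().zip(block(key, nonce, c).iter()).map(|(p, k)| p ^ k));
        ctr = c.checked_add(1);
    }
    Ok(out)
}

// p0 is block 0 of one stream; `tail` is blocks 2^32 - 1 and 2^32 of the same stream.
fn demo(checked: bool) -> Result<bool, &'static str> {
    let (key, nonce, p0, tail) = ([0x42u8; 32], [0x24u8; 12], [b'A'; 64], [b'B'; 128]); // constructed
    let c0 = apply(&key, &nonce, 0, &p0, checked)?;
    let ct = apply(&key, &nonce, u32::MAX, &tail, checked)?;
    Ok((0..64).all(|i| c0[i] ^ ct[64 + i] == p0[i] ^ tail[64 + i])) // keystream cancels out
}

fn main() {
    println!("wrapping: {:?}, checked: {:?}", demo(false), demo(true));
}
```

With the wrapping counter, XORing the two ciphertext blocks yields the XOR of the two plaintext blocks without any knowledge of the key; with the checked counter, encryption stops before the repeated block is produced.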
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Chacha20 Crate