PT-2022-11591 · Noise · Noise

Published: 2022-02-15 · Updated: 2023-01-06 · CVE-2021-4239

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

github.com/flynn/noise versions prior to v1.0.0

Description

The Noise protocol implementation has weakened cryptographic security after encrypting 2^64 messages and is vulnerable to a potential denial of service attack. After 2^64 messages are encrypted with the Encrypt function, the nonce counter wraps around, so multiple messages are encrypted with the same key and nonce. The Decrypt function increments the nonce state even when it fails to decrypt a message, which allows an attacker to desynchronize the nonce state between peers by providing an invalid input, resulting in a failure to encrypt all subsequent messages.

Recommendations

For versions prior to v1.0.0, update to v1.0.0 or later to resolve the issue. As a temporary workaround, consider performing a new handshake when the ErrMaxNonce error is encountered from the CipherState Encrypt and Decrypt methods, so that the session starts with a fresh CipherState. Restrict access to the Decrypt function to minimize the risk of exploitation until the issue is resolved.
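The two behaviours named in the description, modelled side by side as an added example (not code from github.com/flynn/noise): a counter that wraps in Encrypt and a Decrypt that advances the counter on failure, next to the hardened handling. The names cipherState, newState, nonce, errMaxNonce and survivesForgery are hypothetical, and AES-GCM with a constructed all-zero key stands in for the negotiated cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"math"
)

var errMaxNonce = errors.New("nonce exhausted: perform a new handshake")
type cipherState struct { // hypothetical stand-in for a Noise CipherState (AES-GCM)
	aead    cipher.AEAD
	n       uint64 // message counter, encoded into the AEAD nonce
	patched bool   // false reproduces the two behaviours the description names
}

func newState(patched bool) *cipherState {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	aead, _ := cipher.NewGCM(block)
	return &cipherState{aead: aead, patched: patched}
}

func nonce(n uint64) []byte { return binary.BigEndian.AppendUint64(make([]byte, 4), n) }

func (c *cipherState) Encrypt(pt []byte) ([]byte, error) {
	if c.patched && c.n == math.MaxUint64 {
		return nil, errMaxNonce // refuse instead of wrapping onto used nonces
	}
	c.n++ // unpatched: wraps to 0 after the last counter value
	return c.aead.Seal(nil, nonce(c.n-1), pt, nil), nil
}

func (c *cipherState) Decrypt(ct []byte) ([]byte, error) {
	pt, err := c.aead.Open(nil, nonce(c.n), ct, nil)
	if err == nil || !c.patched {
		c.n++ // patched: advance only after authentication succeeds
	}
	return pt, err
}

func survivesForgery(patched bool) bool {
	tx, rx := newState(patched), newState(patched)
	rx.Decrypt([]byte("constructed invalid ciphertext")) // invalid input arrives first
	ct, _ := tx.Encrypt([]byte("hello"))                 // then a genuine message
	_, err := rx.Decrypt(ct)
	return err == nil // false when the receiver's counter has drifted
}

func main() { println(survivesForgery(false), survivesForgery(true)) }
```

On receiving errMaxNonce a caller would discard both states and run the handshake again, which is the workaround the recommendations describe.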

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2021-4239
GHSA-6CR6-FMVC-VW2P
GHSA-G9MP-8G3H-3C5C
GO-2022-0425

Affected Products

Noise