Posted by Pascal Cuoq on Oct 13

The library tiny-AES128-C, available from https://github.com/kokke/tiny-AES128-C , contains a buffer overflow in its
AES128_CBC_encrypt_buffer() function, where 15 bytes beyond the end of the input buffer can be overwritten. For
instance, if the function is invoked with an input buffer of length 33, the bytes at offsets 33…47 with respect to the
beginning of the input buffer will be overwritten. An attacker controlling either the key or the…