❌

Normal view

Empty-ciphertext panic in aws-encryption-provider (CVD with AWS)

While fuzzing the Kubernetes AWS KMS provider, researchers at Syntetisk found a denial-of-service issue in aws-encryption-provider where an empty ciphertext field could trigger an unrecovered Go panic and crash the plugin process.

The writeup includes root-cause analysis, crash path details, reproducer examples, impact discussion, and disclosure timeline

submitted by /u/Sandwich_1337
[link] [comments]
❌