CVE-2015-20112 Information

Description

RLPx 5 has two CTR streams based on the same key IV and nonce. This can facilitate decryption on a private network.

Reference

https://github.com/ethereum/devp2p/blob/master/rlpx.md#known-issues-in-the-current-version https://github.com/ethereum/devp2p/issues/32 https://github.com/ethereum/go-ethereum/issues/1315 https://github.com/hyperledger/besu/issues/7926 https://github.com/LaurentMT/go-ethereum/commit/e8cba7283b57280b1bcf5761478f852398365901

Related CNNVD

CNNVD-202506-3699 (Published: 2025-06-29)