CVE-2015-20112

June 30, 2025, 6:38 p.m.

3.4
Low

Description

RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network.

Product(s) Impacted

Vendor Product Versions
Rlpx
  • Rlpx
  • 5

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-325
Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a rlpx rlpx 5 / / / / / / /

References

https://github.com/LaurentMT/go-ethereum/commit/e8cba7283b57280b1bcf5761478f852398365901
https://github.com/ethereum/devp2p/blob/master/rlpx.md#known-issues-in-the-current-version
https://github.com/ethereum/devp2p/issues/32
https://github.com/ethereum/go-ethereum/issues/1315
https://github.com/hyperledger/besu/issues/7926

Tags

cve@mitre.org
CWE-325
2025-06-29
CVE-2015-20112

CVSS Score

3.4 / 10

CVSS Data - 3.1

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

    View Vector String

Timeline

Published: June 29, 2025, 9:15 p.m.
Last Modified: June 30, 2025, 6:38 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.