mirror of
https://github.com/vrcx-team/VRCX.git
synced 2026-04-06 00:32:02 +02:00
fix: AES key generation out of bounds #117
Closed
opened 2026-04-05 16:16:09 +02:00 by MrUnknownDE
·
0 comments
No Branch/Tag Specified
master
v2026.02.11
v2026.01.28
v2026.01.04
v2025.12.06
v2025.11.16
v2025.10.27
v2025.10.11
v2025.09.10
v2025.08.17
v2025.06.30
v2025.05.09
v2025.03.01
v2025.01.31
v2024.12.30
v2024.12.03
v2024.10.25
v2024.10.11
v2024.09.02
v2024.07.29
v2024.06.12
v2024.05.09
v2024.05.11
v2024.03.23
v2024.03.17
v2023.12.24
v2023.11.06
v2023.09.18
v2023.07.30
v2023.06.30
v2023.06.15
v2023.05.01
v2023.02.18
v2022.12.30
v2022.12.08
v2022.11.04
v2022.10.05
v2022.09.09
v2022.08.16
v2022.07.30
v2022.07.13
v2022.05.05
v2022.03.31
v2022.03.12
v2022.02.02
v2021.12.16
v2021.11.04
v2021.10.02
v2021.08.15
v2021.07.08
v2021.05.26
v2021.05.07
v2021.04.04
v2021.03.08
v2021.01.30.1
v2021.01.30
v2021.01.09
v2020.12.13
v2020.10.25
v2020.07.13
v2020.07.12
v2020.04.07
v2020.03.21
v2020.02.01
v2020.01.26
v2019.11.18
v2019.10.31.1
v2019.10.31
v2019.09.26
v2019.09.24
v2019.09.23
v2019.09.04
v2019.08.21
v2019.08.20
v2019.08.17.1
v2019.08.17
Labels
Clear labels
AI
AI
AI
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Bug
Cannot Reproduce
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Done
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
Feature
In Progress
In Progress
In Progress
In Progress
In Progress
In Progress
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Linux
Needs Discussion
Needs Info
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
Niche
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
PR Welcome
Question
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
Stale
UI
UI
UI
UI
UI
UI
UI
UI
UI
UI
UI
UI
UI
Uninstall Avast
Uninstall Avast
Uninstall Avast
Uninstall Avast
VR
Wontfix
Wontfix
Wontfix
Wontfix
Wontfix
Wontfix
Wontfix
Wontfix
Wontfix
Wontfix
Wontfix
Wontfix
i18n
i18n
i18n
i18n
i18n
i18n
macOS
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
MrUnknownDE
Clear assignees
MrUnknownDE
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github/VRCX#117
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @wilk-polarny on 1/24/2026
AES key generation assumes that character amount = byte length, which is a dangerous assumption when working with multi-byte characters.
Using a password with multi-byte characters might trigger the padding logic, if the password has less than 32 characters but more than 32 bytes, thus leading to illegal Array accesses.
The proposed solution is to go off of the actual byte array, rather than the character sequence.