Known issues

Stay organized with collections Save and categorize content based on your preferences.

This page lists known issues in Tink. To report an issue or view recent reports from other users, go to our issues page on GitHub.

Java (excluding Android)

Notes

Tink Java uses an underlying security provider, like Conscrypt, Oracle JDK, OpenJDK, or Bouncy Castle. Any security issue in a provider may be inherited in Tink Java.

We recommend using Tink with the latest version of the provider, especially if you use ECDSA (alternative: ED25519) or AES-GCM (alternatives: AES-EAX, AES-CTR-HMAC-AEAD or XChaCha20-Poly1305).

Issues

Issue Affected Versions
Streaming AEAD: Integer overflow 1.0.0 - 1.3.0
Envelope AEAD: Malleability All
Fork Safety All

Android

Notes

The minimum API level that Tink supports is 19 (Android KitKat).

On Android, Tink uses the Conscrypt provided by GMS core by default, and Conscrypt otherwise. Any security issue in a provider may be inherited in Tink.

We recommend using Tink with the latest version of the provider.

Issues

Issue Affected Tink Versions Affected Android API levels
Streaming AEAD: Integer overflow 1.0.0 - 1.3.0 All
Envelope AEAD: Malleability All All
Fork Safety All All
AesGcm All <= 19
Unsupported (see above) All <= 18

C++

Notes

Tink C++ uses either BoringSSL or OpenSSL as an underlying library. Any security issue in the underlying library may be inherited in Tink C++.

Issues

Issue Affected Versions
Subtle AEAD: AES-CTR-HMAC and EncryptThenAuthenticate 1.0.0 - 1.3.0
Envelope AEAD: Malleability All
Fork Safety All

Python

Notes

Tink Python is a wrapper around Tink C++ using pybind11. Any security issue in Tink C++ may be inherited in Tink Python.

Issues

Issue Affected Versions
Envelope AEAD: Malleability All
Fork Safety All

Go

Notes

Tink Go uses the underlying Go crypto libraries. Any security issues in those libraries may be inherited by Tink Go.

ISSUES

Issue Affected Versions
Streaming AEAD: Integer overflow 1.0.0 - 1.3.0
Envelope AEAD: Malleability All
Fork Safety All

Objective-C

Notes

Tink Objective-C is a wrapper around Tink C++. Any security issue in Tink C++ may be inherited in Tink Objective-C.

Issues

Issue Affected Versions
Envelope AEAD: Malleability All
Fork Safety All