PT-2026-21481 · Crates.Io · Libcrux-Ecdh+2

Publicado

2026-02-12

·

Atualizado

2026-02-12

CVSS v4.0

0.0

Nenhuma

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
In accordance with our security policy for libcrux, we publish a GitHub security advisory for any releases whose CHANGELOG includes bug-fixes, and encourage our users to upgrade. The latest releases of the libcrux-ecdh, libcrux-ed25519 and libcrux-psq crates contain the following bug-fixes:

libcrux-ecdh

  • #1301: Check length and clamping in X25519 secret validation. This is a breaking change since errors are now raised on unclamped X25519 secrets or inputs of the wrong length

libcrux-ed25519

  • #1320: Remove duplicated clamping step during key generation
The issue fixed in #1320 was first reported by Nadim Kobeissi.

libcrux-psq

  • #1319: Propagate AEADError instead of panicking
  • #1301: Fix broken clamping check for imported X25519 secret keys
The issue fixed in #1319 was first reported by Nadim Kobeissi.

Correção

Use of a Broken Cryptographic Algorithm

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327CWE-20

Identificadores relacionados

GHSA-435G-FCV3-8J26

Produtos afetados

Libcrux-Ecdh
Libcrux-Ed25519
Libcrux-Psq