PT-2026-21618 · Crates.Io · Hpke-Rs+1
Publicado
2026-02-13
·
Atualizado
2026-02-13
CVSS v4.0
8.2
Alta
| Vetor | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
We publish a GitHub security advisory for any releases whose CHANGELOG includes bug-fixes, and encourage our users to upgrade. The latest releases of the hpke-rs and hpke-rs-rust-crypto crates contain the following bug-fixes:
hpke-rs
- #127: Fix
KemAlgorithm::TryFrom<u16>mapping where0x004Dincorrectly resolved toXWingDraft06instead ofXWingDraft06Obsolete. - #123: Fix potential overflow in context counter and switch to use u64.
- #128: Return errors when trying to use open/seal with export only ciphersuite and when using kdf export with an output that's too long (instead of truncating it)
The issue fixed in #123 was first reported by Nadim Kobeissi.
The issues fixed in #127 and #128 were first reported by Scott Arciszewski.
hpke-rs-rust-crypto
- #124: Error out on x25519 0 keys
The issue fixed in #124 was first reported by Nadim Kobeissi.
Correção
RCE
Integer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Hpke-Rs
Hpke-Rs-Rust-Crypto