Cryptx · Cryptx · CVE-2026-41565
**Name of the Vulnerable Software and Affected Versions**
CryptX versions prior to 0.088_001
**Description**
A stack buffer overflow exists in four AEAD decrypt-verify helpers. The XS routines `gcm_decrypt_verify()`, `ccm_decrypt_verify()`, `chacha20poly1305_decrypt_verify()`, and `eax_decrypt_verify()` copy a caller-supplied authentication tag into a fixed 144-byte stack buffer (`MAXBLOCKSIZE`) without verifying the tag's length. An attacker-controlled tag longer than 144 bytes can overwrite the stack beyond the buffer.
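The pattern described above, next to a bounds-checked form, as an added example; it is not CryptX source code and not the project's actual patch. The function names `verify_tag_unchecked` and `verify_tag_checked` are hypothetical, only the tag handling is modelled (no decryption), and the sample tags are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXBLOCKSIZE 144 /* size of the fixed tag buffer named in the advisory */

/* Hypothetical model of the unchecked pattern: tag_len is trusted as-is. */
int verify_tag_unchecked(const unsigned char *tag, size_t tag_len,
                         const unsigned char *expected, size_t expected_len)
{
    unsigned char buf[MAXBLOCKSIZE], diff = 0;
    size_t i;

    memcpy(buf, tag, tag_len); /* writes past buf when tag_len > MAXBLOCKSIZE */
    if (tag_len != expected_len) return 0;
    for (i = 0; i < tag_len; i++) diff |= (unsigned char)(buf[i] ^ expected[i]);
    return diff == 0;
}

/* Hardened form: reject the tag before any copy takes place.
 * Returns 1 on match, 0 on mismatch, -1 when the length is rejected. */
int verify_tag_checked(const unsigned char *tag, size_t tag_len,
                       const unsigned char *expected, size_t expected_len)
{
    unsigned char buf[MAXBLOCKSIZE], diff = 0;
    size_t i;

    if (tag == NULL || tag_len == 0 || tag_len > sizeof(buf)) return -1;
    if (tag_len != expected_len) return 0;
    memcpy(buf, tag, tag_len);
    /* Accumulate differences so the loop does not exit at the first mismatch. */
    for (i = 0; i < tag_len; i++) diff |= (unsigned char)(buf[i] ^ expected[i]);
    return diff == 0;
}

int main(void)
{
    unsigned char expected[16], oversized[200]; /* constructed sample tags */

    memset(expected, 0xAB, sizeof(expected));
    memset(oversized, 0xAB, sizeof(oversized));
    printf("16-byte tag:  %d\n", verify_tag_checked(expected, 16, expected, 16));
    printf("200-byte tag: %d\n",
           verify_tag_checked(oversized, sizeof(oversized), expected, 16));
    return 0;
}
```

Callers on an unpatched version can apply the same length check to the tag before passing it to any of the four helpers.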
**Recommendations**
Update to version 0.088_001 or later.