Name of the Vulnerable Software and Affected Versions: aes crate (affected versions not specified)

Description: The aes crate has been updated to autodetect AES-NI at runtime on i686/x86-64 platforms. If AES-NI is not present, it falls back to a constant-time portable software implementation.

Recommendations: To ensure constant-time portable implementation is used, even if AES-NI is available, use the force-soft feature of the aes crate to disable autodetection. At the moment, there is no information about a newer version that contains a fix for this issue.