PT-2025-10135 · Ring · Ring

Published: 2025-03-07 · Updated: 2025-03-07

CVSS v4.0: 6.6 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions: ring (affected versions not specified)

Description: The issue arises in the `ring::aead::quic::HeaderProtectionKey::new_mask()` function, which may panic when overflow checking is enabled. An attacker can exploit this by sending a specially crafted packet in the QUIC protocol, potentially causing a panic in 1 out of every 2**32 packets sent and/or received. Additionally, on 64-bit targets, operations using `ring::aead::{AES_128_GCM, AES_256_GCM}` may panic when encrypting or decrypting large amounts of data, approximately 68,719,476,700 bytes, in a single chunk. Protocols such as TLS and SSH are not affected, since they split large data into smaller chunks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
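As an added illustration (constructed for this record, not ring's code) of the two overflow conditions the description names: a 32-bit big-endian block counter incremented with plain `+`, which panics under Rust overflow checking when the counter word is 0xFFFFFFFF, next to the explicitly wrapping form, and a block-count helper that reports inputs of 2^32 or more 16-byte blocks (about 2^36 bytes, the roughly 68.7 GB figure above) instead of overflowing a `u32`. The names, block layout and counter position are assumptions.

```rust
// Constructed model of a CTR/GCM-style counter block; not ring's implementation.
// The block is 16 bytes and its last four bytes hold a big-endian 32-bit counter.
pub const BLOCK_LEN: usize = 16;

fn counter_word(block: &[u8; BLOCK_LEN]) -> u32 {
    u32::from_be_bytes([block[12], block[13], block[14], block[15]])
}

/// Increment the counter word with plain `+`. With overflow checks on
/// (the default in debug builds) this panics when the word is 0xFFFF_FFFF,
/// the once-per-2^32-packets failure mode described for a random sample.
pub fn increment_unchecked(block: &mut [u8; BLOCK_LEN]) {
    let next = counter_word(block) + 1; // may panic under overflow checking
    block[12..].copy_from_slice(&next.to_be_bytes());
}

/// Same operation with the wrap made explicit: never panics, rolls to zero.
pub fn increment_wrapping(block: &mut [u8; BLOCK_LEN]) {
    let next = counter_word(block).wrapping_add(1);
    block[12..].copy_from_slice(&next.to_be_bytes());
}

/// Number of 16-byte blocks covering `len` bytes, as a u32 block count.
/// Returns None once the count no longer fits in 32 bits (2^32 blocks,
/// i.e. 2^36 bytes), so the caller can reject the chunk rather than overflow.
pub fn blocks_for_len(len: u64) -> Option<u32> {
    let blocks = len / BLOCK_LEN as u64 + u64::from(len % BLOCK_LEN as u64 != 0);
    u32::try_from(blocks).ok()
}

fn main() {
    let mut block = [0xffu8; BLOCK_LEN];
    increment_wrapping(&mut block);
    println!("counter after wrap: {:02x?}", &block[12..]);
    println!("blocks for 2^36 bytes: {:?}", blocks_for_len(1u64 << 36));
}
```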

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

GHSA-4P46-PWFR-66X6

Affected Products

Ring