PT-2026-21618 · Crates.Io · Hpke-Rs+1
Published
2026-02-13
·
Updated
2026-02-13
CVSS v4.0
8.2
High
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
We publish a GitHub security advisory for any releases whose CHANGELOG includes bug-fixes, and encourage our users to upgrade. The latest releases of the hpke-rs and hpke-rs-rust-crypto crates contain the following bug-fixes:
hpke-rs
- #127: Fix
KemAlgorithm::TryFrom<u16>mapping where0x004Dincorrectly resolved toXWingDraft06instead ofXWingDraft06Obsolete. - #123: Fix potential overflow in context counter and switch to use u64.
- #128: Return errors when trying to use open/seal with export only ciphersuite and when using kdf export with an output that's too long (instead of truncating it)
The issue fixed in #123 was first reported by Nadim Kobeissi.
The issues fixed in #127 and #128 were first reported by Scott Arciszewski.
hpke-rs-rust-crypto
- #124: Error out on x25519 0 keys
The issue fixed in #124 was first reported by Nadim Kobeissi.
Fix
RCE
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hpke-Rs
Hpke-Rs-Rust-Crypto