PT-2026-44386 · Cryptx · Cryptx
Karel Miko
·
Published
2026-05-28
·
Updated
2026-06-10
·
CVE-2026-41565
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
CryptX versions prior to 0.088 001
Description
A stack buffer overflow exists in four AEAD decrypt verify helpers. The XS routines
gcm decrypt verify(), ccm decrypt verify(), chacha20poly1305 decrypt verify(), and eax decrypt verify() copy a caller-supplied authentication tag into a fixed 144-byte stack buffer (MAXBLOCKSIZE) without verifying the length. An attacker-controlled tag exceeding this length can overwrite the stack beyond the buffer.Recommendations
Update to version 0.088 001 or later.
Exploit
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cryptx