RUSTSEC-2026-0124

Potential Panic on Overlong Ciphertext Buffer

Reported

March 29, 2026

Issued

May 13, 2026

Package

libcrux-chacha20poly1305 (crates.io)

Type

Vulnerability

References

https://github.com/cryspen/libcrux/pull/1386

CVSS Score

8.2 HIGH

CVSS Details

Attack Complexity: Low
Attack Requirements: Present
Attack Vector: Network
Privileges Required: None
Availability Impact to the Subsequent System: None
Confidentiality Impact to the Subsequent System: None
Integrity Impact to the Subsequent System: None
User Interaction: None
Availability Impact to the Vulnerable System: High
Confidentiality Impact to the Vulnerable System: None
Integrity Impact to the Vulnerable System: None

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Patched

>=0.0.8

Affected Functions

Version

libcrux_chacha20poly1305::encrypt

<0.0.8

libcrux_chacha20poly1305::xchacha20_poly1305::encrypt

<0.0.8

Description

An application that passes in a ciphertext buffer of length greater than ptxt.len() + TAG_LEN to libcrux_chacha20poly1305::encrypt or libcrux_chacha20poly1305::xchacha20_poly1305::encrypt would experience a panic.

Impact

An application where the length of the ciphertext buffer is under attacker control could be made to crash.

Mitigation

The fix makes it so that libcrux_chacha20poly1305::encrypt and libcrux_chacha20poly1305::xchacha20_poly1305::encrypt no longer panic in this case, but instead write out the ciphertext and tag into the first ptxt.len() + TAG_LEN bytes of the provided buffer.

Advisory available under CC0-1.0 license.