- Reported
-
- Issued
-
- Package
-
libcrux-aesgcm
(crates.io)
- Type
-
Vulnerability
- Categories
-
- References
-
- CVSS Score
- 6.3
MEDIUM
- CVSS Details
-
- Attack Complexity
- Low
- Attack Requirements
- Present
- Attack Vector
- Network
- Privileges Required
- None
- Availability Impact to the Subsequent System
- None
- Confidentiality Impact to the Subsequent System
- None
- Integrity Impact to the Subsequent System
- None
- User Interaction
- None
- Availability Impact to the Vulnerable System
- None
- Confidentiality Impact to the Vulnerable System
- None
- Integrity Impact to the Vulnerable System
- Low
- CVSS Vector
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
- Patched
-
no patched versions
- Affected Functions
- Version
libcrux_aesgcm::AesGcm128Key::decrypt
-
libcrux_aesgcm::AesGcm128Key::encrypt
-
libcrux_aesgcm::AesGcm256Key::decrypt
-
libcrux_aesgcm::AesGcm256Key::encrypt
-
libcrux_aesgcm::aes_gcm_128::AesGcm128::decrypt
-
libcrux_aesgcm::aes_gcm_128::AesGcm128::encrypt
-
libcrux_aesgcm::aes_gcm_128::Key::decrypt
-
libcrux_aesgcm::aes_gcm_128::Key::encrypt
-
libcrux_aesgcm::aes_gcm_128::KeyRef::decrypt
-
libcrux_aesgcm::aes_gcm_128::KeyRef::encrypt
-
libcrux_aesgcm::aes_gcm_128::neon::Key::decrypt
-
libcrux_aesgcm::aes_gcm_128::neon::Key::encrypt
-
libcrux_aesgcm::aes_gcm_128::neon::KeyRef::decrypt
-
libcrux_aesgcm::aes_gcm_128::neon::KeyRef::encrypt
-
libcrux_aesgcm::aes_gcm_128::neon::NeonAesGcm128::decrypt
-
libcrux_aesgcm::aes_gcm_128::neon::NeonAesGcm128::encrypt
-
libcrux_aesgcm::aes_gcm_128::portable::Key::decrypt
-
libcrux_aesgcm::aes_gcm_128::portable::Key::encrypt
-
libcrux_aesgcm::aes_gcm_128::portable::KeyRef::decrypt
-
libcrux_aesgcm::aes_gcm_128::portable::KeyRef::encrypt
-
libcrux_aesgcm::aes_gcm_128::portable::PortableAesGcm128::decrypt
-
libcrux_aesgcm::aes_gcm_128::portable::PortableAesGcm128::encrypt
-
libcrux_aesgcm::aes_gcm_128::x64::Key::decrypt
-
libcrux_aesgcm::aes_gcm_128::x64::Key::encrypt
-
libcrux_aesgcm::aes_gcm_128::x64::KeyRef::decrypt
-
libcrux_aesgcm::aes_gcm_128::x64::KeyRef::encrypt
-
libcrux_aesgcm::aes_gcm_128::x64::X64AesGcm128::decrypt
-
libcrux_aesgcm::aes_gcm_128::x64::X64AesGcm128::encrypt
-
libcrux_aesgcm::aes_gcm_256::AesGcm256::decrypt
-
libcrux_aesgcm::aes_gcm_256::AesGcm256::encrypt
-
libcrux_aesgcm::aes_gcm_256::Key::decrypt
-
libcrux_aesgcm::aes_gcm_256::Key::encrypt
-
libcrux_aesgcm::aes_gcm_256::KeyRef::decrypt
-
libcrux_aesgcm::aes_gcm_256::KeyRef::encrypt
-
libcrux_aesgcm::aes_gcm_256::neon::Key::decrypt
-
libcrux_aesgcm::aes_gcm_256::neon::Key::encrypt
-
libcrux_aesgcm::aes_gcm_256::neon::KeyRef::decrypt
-
libcrux_aesgcm::aes_gcm_256::neon::KeyRef::encrypt
-
libcrux_aesgcm::aes_gcm_256::neon::NeonAesGcm256::decrypt
-
libcrux_aesgcm::aes_gcm_256::neon::NeonAesGcm256::encrypt
-
libcrux_aesgcm::aes_gcm_256::portable::Key::decrypt
-
libcrux_aesgcm::aes_gcm_256::portable::Key::encrypt
-
libcrux_aesgcm::aes_gcm_256::portable::KeyRef::decrypt
-
libcrux_aesgcm::aes_gcm_256::portable::KeyRef::encrypt
-
libcrux_aesgcm::aes_gcm_256::portable::PortableAesGcm256::decrypt
-
libcrux_aesgcm::aes_gcm_256::portable::PortableAesGcm256::encrypt
-
libcrux_aesgcm::aes_gcm_256::x64::Key::decrypt
-
libcrux_aesgcm::aes_gcm_256::x64::Key::encrypt
-
libcrux_aesgcm::aes_gcm_256::x64::KeyRef::decrypt
-
libcrux_aesgcm::aes_gcm_256::x64::KeyRef::encrypt
-
libcrux_aesgcm::aes_gcm_256::x64::X64AesGcm256::decrypt
-
libcrux_aesgcm::aes_gcm_256::x64::X64AesGcm256::encrypt
-
Description
NIST Special Publication 800-38D specifies that the bit length of the
AAD shall not exceed 2^64 - 1 bits. The implementation of AES-GCM in
libcrux-aesgcm neither enforced this limit for encryption nor for
decryption.
Impact
Use of AES-GCM with AAD of length exceeding the prescribed maximum
length degrades the authentication security of the GCM tag.
Mitigation
Starting from version 0.0.9 (published as libcrux-aes@v0.0.9),
limits on the length of the AAD input are enforced, so overlong AAD
inputs result in an error on encryption and decryption.
Advisory available under CC0-1.0
license.