4 matches found

Github Security Blog
added 2026/05/26 11:8 p.m., 13 views

netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDF_expand: returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVP_HPKE_CTX_export fails it also returns an empty byte...

CVSS 6.9, AI score 5.8, EPSS 0.00322
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2026/03/19 12:0 a.m., 3 views

PT-2026-26349

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client...

CVSS 6.9, AI score 6.2, EPSS 0.00444
Exploits: 0, References: 4
RustSec
added 2026/02/05 12:0 p.m., 2 views

Nonce Reuse in HPKE Context

The sequence number that is used to compute the AEAD nonce when using a re-usable HPKE context is incremented after each seal or open operation. This sequence number was stored as a u32 and used regular addition on u32 for the increment, meaning in release mode it would silently wrap around to 0...

AI score 5.8
Exploits: 0, Affected Software: 1
CNNVD
added 2025/11/21 12:0 a.m., 2 views

hpke-js Security Vulnerability

hpke-js is a hybrid public key cryptographic module from the individual developer Ajitomi Daisuke. A security vulnerability exists in hpke-js versions prior to 1.7.5, which stems from a race condition in the SenderContext Seal API that could lead to a loss of message confidentiality and integrity...

CVSS 9.1, AI score 6.2, EPSS 0.00186
Exploits: 0, References: 4