2 matches found
CVE-2025-27498
The CVE-2025-27498 entry concerns a vulnerability in a pure Rust AES-GCM implementation where decrypt_in_place_detached can expose the decrypted plaintext even if the authentication tag is invalid. Root cause: in decrypt_in_place in asconcore.rs, a tag verification error is returned while the pla...
SUSE CVE-2023-42811
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. If a program using the aes-gcm...