7 matches found
openmls (>=0.4.0-pre.1 <=0.4.0-pre.2), openmls_evercrypt (>=0.1.0-pre.1 <=0.1.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs (=0.1.2)
hpke-rs CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs and may be impacted: - openmls =0.4.0-pre.1, =0.1.0-pre.1, =0.1.0, =0.3.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:GHSA-G433-PQ76-6CMF...
hpke-rs (>=0.1.0-pre.1 <=0.1.0-pre.2), openmls (>=0.4.0-pre.1 <=0.4.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs-rust-crypto (=0.1.1)
hpke-rs-rust-crypto CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs-rust-crypto and may be impacted: - hpke-rs =0.1.0-pre.1, =0.4.0-pre.1, =0.1.0, =0.3.0, =0.9.0 Source cves: unknown CVE Source advisory:...
openmls (>=0.4.0-pre.1 <=0.4.0-pre.2), openmls_evercrypt (>=0.1.0-pre.1 <=0.1.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs (=0.1.2)
hpke-rs CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs and may be impacted: - openmls =0.4.0-pre.1, =0.1.0-pre.1, =0.1.0, =0.3.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0069...
openmls (>=0.4.0-pre.1 <=0.4.0-pre.2), openmls_evercrypt (>=0.1.0-pre.1 <=0.1.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs (=0.1.2)
hpke-rs CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs and may be impacted: - openmls =0.4.0-pre.1, =0.1.0-pre.1, =0.1.0, =0.3.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0070...
RUSTSEC-2026-0069 Incorrect Length Encoding on KDF Export
Passing values length 65535 to Context::export produces output that disagrees with the RFC 9180 label encoding. In particular the length value is cast to u16 truncating any value exceeding 65535. Impact Applications that use hpke-rs to export very large secrets would experience interoperability...
hpke-rs (>=0.1.0-pre.1 <=0.1.0-pre.2), openmls (>=0.4.0-pre.1 <=0.4.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs-rust-crypto (=0.1.1)
hpke-rs-rust-crypto CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs-rust-crypto and may be impacted: - hpke-rs =0.1.0-pre.1, =0.4.0-pre.1, =0.1.0, =0.3.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-00...
Missing Check for All-Zero X25519 Shared Secret
Computing an X25519 shared secret with x25519dalek::StaticSecret::diffiehellman does not include the check that the key exchange was contributory, i.e. does not ensure on its own that the resulting shared secret is non-zero. Impact RFC 9180 mandates that implementations of HPKE must check for all...