2 matches found
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
@avalabs/avalanche-module (>=0.0.0-CP-8940-20240801175729 <=3.9.1), @avalabs/bitcoin-module (>=0.0.0-CP-8940-20240801175729 <=3.9.1) +19 more potentially affected by CVE-2025-64767 via @hpke/core (>=1.2.5 <=1.7.4)
@hpke/core NPM version =1.2.5, =0.0.0-CP-8940-20240801175729, =0.0.0-CP-8940-20240801175729, =2.8.0-canary.a436aaa.0, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-canary.a436aaa.0, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-canary.a436aaa.0,...