Security update for perl-CryptX (important)

openSUSE Security Update: Security update for perl-CryptX Announcement ID: openSUSE-SU-2026:0170-1 Rating: important References: 1244472 1262697 Cross-References: CVE-2025-40914 CVE-2026-41564 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes two vulnerabilities is now...

[SECURITY] Fedora 43 Update: rust-wycheproof-0.6.0-1.fc43

Wycheproof test vectors...

Fedora: Security Advisory (FEDORA-2026-9d5b9f45ec)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

gcrypt-p256-malleability-poc

libgcrypt p256 signature malleability proof-of-concept explo...

Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...

GHSA-423W-P2W9-R7VQ AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...

AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...

Go 1.20 Cryptography

The first second release candidate of Go 1.20 is out!1 This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. By the way, thats going great, and Im going to write more about it here soon! Im pretty happy with...

Side channel timing attacks against (EC)DSA in RSA BSAFE CVE-2019-3739/CVE-2019-3740 - Project Wycheproof is the AFL for Cryptography

About a year ago I wrote this tweet and now I can finally justify it Project Wycheproof https://t.co/wBz9P8atHs is the AFL https://t.co/JM2l557PZi of crypto. Thanks a lot @XorNinja and team notably including Bleichenbacher for providing such a powerful tool — Antonio Sanso @asanso April 9, 2018 i...

Google's OSS-Fuzz Finds 1,000 Open Source Bugs

The numbers are in, and judging by them, OSS-Fuzz, the program Google unveiled last December to continuously fuzz open source software, has been a success. In five months the effort has unearthed more than 1,000 bugs, a quarter of them potential security vulnerabilities, Google says. OSS-Fuzz,...

Tests Crypto Libraries Against Known Attacks: Wycheproof

Rests Crypto Libraries Against Known Attacks Project Wycheproof tests crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but it is not an official Google product. In cryptography, subtle mistakes can have catastrophic consequences. Good...

Google Unveils Cryptographic Library Test Suite Wycheproof

Google continues to be in a giving mood this holiday season. The company on Monday announced Project Wycheproof, a collection of unit tests designed to help check for weaknesses in cryptographic algorithms. The project comes two weeks after Google debuted a fuzzer to help developers discover...