VDB
EN

RUSTSEC-2026-0209

AES-GCM did not enforce limits on AAD length

상세

NIST Special Publication 800-38D specifies that the bit length of the AAD shall not exceed `2^64 - 1` bits. The implementation of AES-GCM in `libcrux-aesgcm` neither enforced this limit for encryption nor for decryption.

## Impact Use of AES-GCM with AAD of length exceeding the prescribed maximum length degrades the authentication security of the GCM tag.

## Mitigation Starting from version `0.0.9` (published as `libcrux-aes@v0.0.9`), limits on the length of the AAD input are enforced, so overlong AAD inputs result in an error on encryption and decryption.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

crates.io / libcrux-aesgcm
최초 영향 버전: 0.0.0-0

No fixed version published yet for libcrux-aesgcm. Pin to a known-safe version or switch to an alternative.

참고