—
RUSTSEC-2026-0209
AES-GCM did not enforce limits on AAD length
상세
NIST Special Publication 800-38D specifies that the bit length of the AAD shall not exceed `2^64 - 1` bits. The implementation of AES-GCM in `libcrux-aesgcm` neither enforced this limit for encryption nor for decryption.
## Impact Use of AES-GCM with AAD of length exceeding the prescribed maximum length degrades the authentication security of the GCM tag.
## Mitigation Starting from version `0.0.9` (published as `libcrux-aes@v0.0.9`), limits on the length of the AAD input are enforced, so overlong AAD inputs result in an error on encryption and decryption.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
crates.io / libcrux-aesgcm
최초 영향 버전:
0.0.0-0 No fixed version published yet for libcrux-aesgcm. Pin to a known-safe version or switch to an alternative.