{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/libcrux-poly1305/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["libcrux-poly1305"],"_cs_severities":["high"],"_cs_tags":["rust","libcrux-poly1305","panic","denial-of-service"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003elibcrux-poly1305\u003c/code\u003e crate, a Rust implementation of the Poly1305 message authentication code, contained a critical vulnerability in versions prior to 0.0.5. An incorrect constant defining the key length caused the \u003ccode\u003elibcrux_poly1305::mac\u003c/code\u003e function to panic due to an out-of-bounds memory access. This vulnerability specifically affected applications using \u003ccode\u003elibcrux-poly1305\u003c/code\u003e as a standalone MAC implementation. The vulnerability was introduced prior to version 0.0.5 and was resolved in version 0.0.5 by correcting the key length constant. Applications relying on the standalone MAC functionality of the vulnerable versions of \u003ccode\u003elibcrux-poly1305\u003c/code\u003e are susceptible to denial-of-service due to the panics. This issue does not affect the use of \u003ccode\u003elibcrux-poly1305\u003c/code\u003e within \u003ccode\u003elibcrux-chacha20poly1305\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn application incorporates \u003ccode\u003elibcrux-poly1305\u003c/code\u003e as a dependency for MAC functionality.\u003c/li\u003e\n\u003cli\u003eThe application utilizes the \u003ccode\u003elibcrux_poly1305::mac\u003c/code\u003e function to generate a MAC for data integrity.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003elibcrux_poly1305::mac\u003c/code\u003e function attempts to access memory based on the incorrect key length constant.\u003c/li\u003e\n\u003cli\u003eDue to the out-of-bounds access, the function triggers a panic.\u003c/li\u003e\n\u003cli\u003eThe application crashes due to the unhandled panic.\u003c/li\u003e\n\u003cli\u003eService availability is interrupted as the application terminates unexpectedly.\u003c/li\u003e\n\u003cli\u003eRepeated attempts to utilize the MAC functionality result in recurring panics and application crashes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe vulnerability leads to a denial-of-service condition for applications that rely on \u003ccode\u003elibcrux-poly1305\u003c/code\u003e as a standalone MAC. Any application using versions prior to 0.0.5 will experience panics when attempting to utilize the \u003ccode\u003elibcrux_poly1305::mac\u003c/code\u003e function. This can result in application crashes and service interruptions, potentially impacting critical functionality. While the advisory does not specify a number of victims, any deployment utilizing the vulnerable library is potentially affected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003erust/libcrux-poly1305\u003c/code\u003e package to version 0.0.5 or later to remediate the vulnerability, as indicated in the advisory.\u003c/li\u003e\n\u003cli\u003eMonitor application logs for unexpected panics originating from the \u003ccode\u003elibcrux_poly1305::mac\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eImplement automated testing that specifically exercises the standalone MAC functionality to detect any regressions.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-24T12:00:00Z","date_published":"2024-01-24T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-libcrux-panic/","summary":"An incorrect key length constant in libcrux-poly1305 versions before 0.0.5 causes the `libcrux_poly1305::mac` function to panic due to out-of-bounds memory access when used as a standalone MAC.","title":"libcrux-poly1305 Standalone MAC Panic Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-libcrux-panic/"}],"language":"en","title":"CraftedSignal Threat Feed - Libcrux-Poly1305","version":"https://jsonfeed.org/version/1.1"}