<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Libcrux-Poly1305 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/libcrux-poly1305/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 24 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/libcrux-poly1305/feed.xml" rel="self" type="application/rss+xml"/><item><title>libcrux-poly1305 Standalone MAC Panic Vulnerability</title><link>https://feed.craftedsignal.io/briefs/2024-01-libcrux-panic/</link><pubDate>Wed, 24 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-libcrux-panic/</guid><description>An incorrect key length constant in libcrux-poly1305 versions before 0.0.5 causes the `libcrux_poly1305::mac` function to panic due to out-of-bounds memory access when used as a standalone MAC.</description><content:encoded><![CDATA[<p>The <code>libcrux-poly1305</code> crate, a Rust implementation of the Poly1305 message authentication code, contained a critical vulnerability in versions prior to 0.0.5. An incorrect constant defining the key length caused the <code>libcrux_poly1305::mac</code> function to panic due to an out-of-bounds memory access. This vulnerability specifically affected applications using <code>libcrux-poly1305</code> as a standalone MAC implementation. The vulnerability was introduced prior to version 0.0.5 and was resolved in version 0.0.5 by correcting the key length constant. Applications relying on the standalone MAC functionality of the vulnerable versions of <code>libcrux-poly1305</code> are susceptible to denial-of-service due to the panics. This issue does not affect the use of <code>libcrux-poly1305</code> within <code>libcrux-chacha20poly1305</code>.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An application incorporates <code>libcrux-poly1305</code> as a dependency for MAC functionality.</li>
<li>The application utilizes the <code>libcrux_poly1305::mac</code> function to generate a MAC for data integrity.</li>
<li>The <code>libcrux_poly1305::mac</code> function attempts to access memory based on the incorrect key length constant.</li>
<li>Due to the out-of-bounds access, the function triggers a panic.</li>
<li>The application crashes due to the unhandled panic.</li>
<li>Service availability is interrupted as the application terminates unexpectedly.</li>
<li>Repeated attempts to utilize the MAC functionality result in recurring panics and application crashes.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The vulnerability leads to a denial-of-service condition for applications that rely on <code>libcrux-poly1305</code> as a standalone MAC. Any application using versions prior to 0.0.5 will experience panics when attempting to utilize the <code>libcrux_poly1305::mac</code> function. This can result in application crashes and service interruptions, potentially impacting critical functionality. While the advisory does not specify a number of victims, any deployment utilizing the vulnerable library is potentially affected.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade the <code>rust/libcrux-poly1305</code> package to version 0.0.5 or later to remediate the vulnerability, as indicated in the advisory.</li>
<li>Monitor application logs for unexpected panics originating from the <code>libcrux_poly1305::mac</code> function.</li>
<li>Implement automated testing that specifically exercises the standalone MAC functionality to detect any regressions.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>rust</category><category>libcrux-poly1305</category><category>panic</category><category>denial-of-service</category></item></channel></rss>