{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/memory-safety/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["vulnerability","memory-safety","swift-crypto"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA vulnerability exists in the X-Wing decapsulation path within the swift-crypto library (versions 4.0.0 to 4.3.0). The vulnerability stems from the lack of proper validation of the encapsulated ciphertext length during the decapsulation process. Specifically, the \u003ccode\u003edecapsulate\u003c/code\u003e function of \u003ccode\u003eOpenSSLXWingPrivateKeyImpl\u003c/code\u003e does not perform a length check before passing the encapsulated data to the underlying C API, which expects a fixed-size buffer of 1120 bytes. This allows an attacker to supply a shorter ciphertext, leading to an out-of-bounds read when the C code attempts to access memory beyond the provided buffer. This issue can be triggered by initializing an \u003ccode\u003eHPKE.Recipient\u003c/code\u003e with a malformed \u003ccode\u003eencapsulatedKey\u003c/code\u003e. Exploitation of this vulnerability could potentially lead to a crash or memory disclosure.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malformed HPKE encapsulated key with a length less than 1120 bytes.\u003c/li\u003e\n\u003cli\u003eThe attacker initiates a connection to a service utilizing the swift-crypto library with X-Wing HPKE.\u003c/li\u003e\n\u003cli\u003eThe service attempts to initialize an \u003ccode\u003eHPKE.Recipient\u003c/code\u003e with the attacker-controlled, malformed \u003ccode\u003eencapsulatedKey\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eHPKE.Recipient\u003c/code\u003e initialization calls the \u003ccode\u003edecapsulate\u003c/code\u003e function of \u003ccode\u003eOpenSSLXWingPrivateKeyImpl\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edecapsulate\u003c/code\u003e function passes the undersized \u003ccode\u003eencapsulatedKey\u003c/code\u003e to the \u003ccode\u003eCCryptoBoringSSL_XWING_decap\u003c/code\u003e C API without proper length validation.\u003c/li\u003e\n\u003cli\u003eThe C API attempts to read 1120 bytes from the undersized buffer, resulting in an out-of-bounds read.\u003c/li\u003e\n\u003cli\u003eThe out-of-bounds read can cause a crash or potentially leak sensitive memory contents.\u003c/li\u003e\n\u003cli\u003eThe attacker may leverage the crash to cause a denial of service or use memory disclosure for further exploitation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to cause an out-of-bounds read in the swift-crypto library. This could lead to denial-of-service conditions due to application crashes, or potentially enable sensitive information disclosure, depending on the specific memory layout and runtime protections in place. The affected package is swift/swift-crypto (vulnerable versions: \u0026gt;= 4.0.0, \u0026lt;= 4.3.0).\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the swift-crypto library to a patched version (greater than 4.3.0) to remediate the vulnerability and prevent out-of-bounds reads.\u003c/li\u003e\n\u003cli\u003eImplement input validation on the length of HPKE encapsulated keys before passing them to the \u003ccode\u003eHPKE.Recipient\u003c/code\u003e initializer to prevent the vulnerable code path from being reached.\u003c/li\u003e\n\u003cli\u003eEnable AddressSanitizer (ASan) during development and testing to detect memory safety issues like this one early.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect HPKE Recipient Init with Short Encapsulated Key\u003c/code\u003e to identify attempts to exploit this vulnerability via short encapsulated key values.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T03:39:38Z","date_published":"2026-04-03T03:39:38Z","id":"/briefs/2026-04-swift-crypto-xwing-hpke-decapsulation-vulnerability/","summary":"The X-Wing decapsulation path in swift-crypto accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length of 1120 bytes, leading to a potential out-of-bounds read.","title":"Swift Crypto X-Wing HPKE Decapsulation Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-swift-crypto-xwing-hpke-decapsulation-vulnerability/"}],"language":"en","title":"CraftedSignal Threat Feed — Memory-Safety","version":"https://jsonfeed.org/version/1.1"}