VYPR

Aeads

by Rustcrypto

Source repositories

CVEs (2)

  • CVE-2023-42811MedSep 22, 2023
    risk 0.31cvss 4.7epss 0.00

    aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program…

  • CVE-2025-27498MedMar 3, 2025
    risk 0.29cvss epss 0.00

    aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification causes an error to be…