CVE

GHSA-xrf2-5r3p-5wgj

libcrux: Panic in Signature Hint Decoding During Verification

CVE

GHSA-xrf2-5r3p-5wgj

libcrux: Panic in Signature Hint Decoding During Verification

During ML-DSA verification the serialized hint values are decoded as specified in algorithm 22 HintBitUnpack of FIPS 204, subsection 7.1. The algorithm requires that the cumulative hint counters per row of the hint vector are strictly increasing and below a maximum value which depends on the choice of ML-DSA parameter set (line 4).

In libcrux-ml-dsa, hint decoding did not check the boundedness of the cumulative hint counter of the last row of the hint vector.

Impact

A manipulated invalid hint can cause an out-of-bounds memory access since the hint decoding logic may attempt to read outside the bounds of the serialized signature, causing a runtime panic.

Mitigation

Starting from version 0.0.8, hint decoding will check the cumulative hint counter of the last row as well.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

Related Resources

No items found.

References

https://github.com/cryspen/libcrux/pull/1348, https://github.com/cryspen/libcrux, https://rustsec.org/advisories/RUSTSEC-2026-0076.html

Severity

0

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

EPSS Percentile

Introduced Version

Fix Available

0.0.8

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-xrf2-5r3p-5wgj

GHSA-xrf2-5r3p-5wgj

Impact

Mitigation

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

0

Basic Information

Fix Critical Vulnerabilities Instantly