CVE-2025-27498

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-27498
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27498.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27498
Aliases
Related
Published
2025-03-03T17:15:16Z
Modified
2025-03-04T02:01:16.326259Z
Summary
[none]
Details

aes-gcm is a pure Rust implementation of AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in the buffer. The vulnerability is fixed in 0.4.3.

References

Affected packages

Git / github.com/rustcrypto/aeads

Affected ranges

Type
GIT
Repo
https://github.com/rustcrypto/aeads
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

aes-gcm-siv-v0.*

aes-gcm-siv-v0.1.0
aes-gcm-siv-v0.10.0
aes-gcm-siv-v0.10.1
aes-gcm-siv-v0.10.2
aes-gcm-siv-v0.10.3
aes-gcm-siv-v0.11.0
aes-gcm-siv-v0.11.0-pre
aes-gcm-siv-v0.11.0-pre.1
aes-gcm-siv-v0.11.0-pre.2
aes-gcm-siv-v0.11.1
aes-gcm-siv-v0.12.0-pre.1
aes-gcm-siv-v0.12.0-pre.2
aes-gcm-siv-v0.2.0
aes-gcm-siv-v0.2.1
aes-gcm-siv-v0.3.0
aes-gcm-siv-v0.4.0
aes-gcm-siv-v0.4.1
aes-gcm-siv-v0.5.0
aes-gcm-siv-v0.8.0
aes-gcm-siv-v0.9.0

aes-gcm-v0.*

aes-gcm-v0.1.0
aes-gcm-v0.1.1
aes-gcm-v0.10.0
aes-gcm-v0.10.0-pre
aes-gcm-v0.10.0-pre.1
aes-gcm-v0.10.0-pre.2
aes-gcm-v0.10.1
aes-gcm-v0.10.2
aes-gcm-v0.10.3
aes-gcm-v0.11.0-pre.0
aes-gcm-v0.11.0-pre.1
aes-gcm-v0.11.0-pre.2
aes-gcm-v0.2.0
aes-gcm-v0.2.1
aes-gcm-v0.3.0
aes-gcm-v0.3.1
aes-gcm-v0.3.2
aes-gcm-v0.4.0
aes-gcm-v0.4.1
aes-gcm-v0.4.2
aes-gcm-v0.5.0
aes-gcm-v0.6.0
aes-gcm-v0.7.0
aes-gcm-v0.8.0
aes-gcm-v0.9.0
aes-gcm-v0.9.1
aes-gcm-v0.9.2
aes-gcm-v0.9.3
aes-gcm-v0.9.4

aes-siv-v0.*

aes-siv-v0.1.1
aes-siv-v0.1.2
aes-siv-v0.2.0
aes-siv-v0.3.0
aes-siv-v0.4.0
aes-siv-v0.5.0
aes-siv-v0.6.0
aes-siv-v0.6.1
aes-siv-v0.6.2
aes-siv-v0.7.0
aes-siv-v0.7.0-pre.1
aes-siv-v0.8.0-pre.2

ascon-aead-v0.*

ascon-aead-v0.4.2

ccm-v0.*

ccm-v0.1.0
ccm-v0.2.0
ccm-v0.3.0
ccm-v0.4.0
ccm-v0.4.1
ccm-v0.4.2
ccm-v0.4.3
ccm-v0.4.4
ccm-v0.5.0
ccm-v0.5.0-pre.1

chacha20poly1305-v0.*

chacha20poly1305-v0.1.0
chacha20poly1305-v0.1.1
chacha20poly1305-v0.1.2
chacha20poly1305-v0.10.0
chacha20poly1305-v0.10.0-pre
chacha20poly1305-v0.10.0-pre.1
chacha20poly1305-v0.10.0-pre.2
chacha20poly1305-v0.10.1
chacha20poly1305-v0.11.0-pre.1
chacha20poly1305-v0.11.0-pre.2
chacha20poly1305-v0.2.0
chacha20poly1305-v0.2.1
chacha20poly1305-v0.2.2
chacha20poly1305-v0.3.0
chacha20poly1305-v0.3.1
chacha20poly1305-v0.3.2
chacha20poly1305-v0.3.3
chacha20poly1305-v0.4.0
chacha20poly1305-v0.4.1
chacha20poly1305-v0.5.0
chacha20poly1305-v0.5.1
chacha20poly1305-v0.6.0
chacha20poly1305-v0.7.0
chacha20poly1305-v0.7.1
chacha20poly1305-v0.8.0
chacha20poly1305-v0.8.1
chacha20poly1305-v0.8.2
chacha20poly1305-v0.9.0

crypto_box-v0.*

crypto_box-v0.1.0
crypto_box-v0.2.0
crypto_box-v0.3.0
crypto_box-v0.4.0
crypto_box-v0.5.0
crypto_box-v0.6.0
crypto_box-v0.6.1

deoxys-v0.*

deoxys-v0.0.1
deoxys-v0.0.2
deoxys-v0.1.0
deoxys-v0.1.0-pre.1

eax-v0.*

eax-v0.2.0
eax-v0.3.0
eax-v0.4.0
eax-v0.4.1
eax-v0.5.0
eax-v0.5.0-pre.1

mgm-v0.*

mgm-v0.1.0
mgm-v0.1.1
mgm-v0.2.0
mgm-v0.2.1
mgm-v0.3.0
mgm-v0.4.0
mgm-v0.4.1
mgm-v0.4.2
mgm-v0.4.3
mgm-v0.4.4
mgm-v0.4.5
mgm-v0.4.6
mgm-v0.5.0-pre.1

ocb3-v0.*

ocb3-v0.1.0

xsalsa20poly1305-v0.*

xsalsa20poly1305-v0.1.0
xsalsa20poly1305-v0.2.0
xsalsa20poly1305-v0.2.1
xsalsa20poly1305-v0.3.0
xsalsa20poly1305-v0.3.1
xsalsa20poly1305-v0.4.0
xsalsa20poly1305-v0.4.1
xsalsa20poly1305-v0.4.2
xsalsa20poly1305-v0.5.0
xsalsa20poly1305-v0.6.0
xsalsa20poly1305-v0.7.0
xsalsa20poly1305-v0.7.1
xsalsa20poly1305-v0.7.2
xsalsa20poly1305-v0.8.0
xsalsa20poly1305-v0.9.0
xsalsa20poly1305-v0.9.0-pre
xsalsa20poly1305-v0.9.0-pre.1
xsalsa20poly1305-v0.9.0-pre.2

xsalsa20poly1305/v0.*

xsalsa20poly1305/v0.9.1