GHSA-g433-pq76-6cmf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g433-pq76-6cmf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-g433-pq76-6cmf/GHSA-g433-pq76-6cmf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g433-pq76-6cmf
- Published
- 2026-02-13T20:05:10Z
- Modified
- 2026-02-13T20:43:24.539606Z
- Summary
- Bug fixes in hpke-rs, hpke-rs-rust-crypto
- Details
-
We publish a GitHub security advisory for any releases whose CHANGELOG includes bug-fixes, and encourage our users to upgrade. The latest releases of the hpke-rs and hpke-rs-rust-crypto crates contain the following bug-fixes:
hpke-rs
- #127: Fix
KemAlgorithm::TryFrom<u16>mapping where0x004Dincorrectly resolved toXWingDraft06instead ofXWingDraft06Obsolete. - #123: Fix potential overflow in context counter and switch to use u64.
- #128: Return errors when trying to use open/seal with export only ciphersuite and when using kdf export with an output that's too long (instead of truncating it)
The issue fixed in #123 was first reported by Nadim Kobeissi. The issues fixed in #127 and #128 were first reported by Scott Arciszewski.
hpke-rs-rust-crypto
- #124: Error out on x25519 0 keys
The issue fixed in #124 was first reported by Nadim Kobeissi.
- #127: Fix
- Database specific
{ "github_reviewed_at": "2026-02-13T20:05:10Z", "severity": "MODERATE", "cwe_ids": [ "CWE-190", "CWE-20", "CWE-697" ], "github_reviewed": true, "nvd_published_at": null }- References
-
- https://github.com/cryspen/hpke-rs/security/advisories/GHSA-g433-pq76-6cmf
- https://github.com/cryspen/hpke-rs/pull/123
- https://github.com/cryspen/hpke-rs/pull/124
- https://github.com/cryspen/hpke-rs/pull/127
- https://github.com/cryspen/hpke-rs/pull/128
- https://github.com/cryspen/hpke-rs/commit/1c247b5c9aeca602ad2971c9bd49817fe2c308e6
- https://github.com/cryspen/hpke-rs/commit/25248bd624cc0325c98a05c169a0c9aa0aced632
- https://github.com/cryspen/hpke-rs/commit/3a8254938f43bdc4e0c9c4f987f8071f19779066
- https://github.com/cryspen/hpke-rs/commit/b54c8bb83906331bdf4f606cafa30cd7fd20b531
- https://github.com/cryspen/hpke-rs
Affected packages
crates.io / hpke-rs
Package
- Name
- hpke-rs
- View open source insights on deps.dev
- Purl
- pkg:cargo/hpke-rs
crates.io / hpke-rs-rust-crypto
Package
- Name
- hpke-rs-rust-crypto
- View open source insights on deps.dev
- Purl
- pkg:cargo/hpke-rs-rust-crypto