RUSTSEC-2026-0074

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2026-0074
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0074.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2026-0074
Aliases
Published
2026-03-04T12:00:00Z
Modified
2026-03-27T05:55:06Z
Summary
Incorrect Output of Incremental Portable SHAKE API
Details

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE (168 for SHAKE128, 136 for SHAKE256) bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF output.

Impact

This bug impacts users that rely on this XOF API to squeeze more than RATE bytes. It does not impact the use of libcrux-sha3 in libcrux-ml-kem or libcrux-ml-dsa.

Mitigation

Starting from version 0.0.8 the squeeze functions correctly output all blocks including the first block.

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / libcrux-sha3

Package

Name
libcrux-sha3
View open source insights on deps.dev
Purl
pkg:cargo/libcrux-sha3

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.0.8

Ecosystem specific 

{
    "affects": {
        "functions": [
            "libcrux_sha3::portable::incremental::Shake128Xof::squeeze",
            "libcrux_sha3::portable::incremental::Shake256Xof::squeeze"
        ],
        "arch": [],
        "os": []
    },
    "affected_functions": null
}

Database specific

categories 
[]
source 
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0074.json"
cvss 
null
informational 
null