*ring* AES-CTR may panic when overflow checking is enabled.

rustsec · Mar 6, 2025 · 272f00e · 272f00e
1 parent ba55c17
commit 272f00e
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/crates/ring/RUSTSEC-0000-0000.md b/crates/ring/RUSTSEC-0000-0000.md
@@ -0,0 +1,31 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ring"
+date = "2025-03-06"
+url = "https://github.com/briansmith/ring/blob/main/RELEASES.md#version-01712-2025-03-05"
+categories = ["denial-of-service"]
+
+[versions]
+patched = [">= 0.17.12"]
+unaffected = []
+```
+
+# Some AES functions may panic when overflow checking is enabled.
+
+`ring::aead::quic::HeaderProtectionKey::new_mask()` may panic when overflow
+checking is enabled. In the QUIC protocol, an attacker can induce this panic by
+sending a specially-crafted packet. Even unintentionally it is likely to occur
+in 1 out of every 2**32 packets sent and/or received.
+
+On 64-bit targets operations using `ring::aead::{AES_128_GCM, AES_256_GCM}` may
+panic when overflow checking is enabled, when encrypting/decrypting approximately
+68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols
+like TLS and SSH are not affected by this because those protocols break large
+amounts of data into small chunks. Similarly, most applications will not
+attempt to encrypt/decrypt 64GB of data in one chunk.
+
+Overflow checking is not enabled in release mode by default, but
+`RUSTFLAGS="-C overflow-checks"` or `overflow-checks = true` in the Cargo.toml
+profile can override this. Overflow checking is usually enabled by default in
+debug mode.