Skip to content

Commit

Permalink
Update gh-pages
Browse files Browse the repository at this point in the history
  • Loading branch information
github-actions committed Mar 6, 2025
1 parent fc018e2 commit 648c3ad
Show file tree
Hide file tree
Showing 7 changed files with 382 additions and 306 deletions.
189 changes: 189 additions & 0 deletions advisories/RUSTSEC-2025-0009.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,189 @@
<!DOCTYPE html>

<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta charset="utf-8">

<meta name="author" content="Rust Project Developers">
<meta name="description" content="Security advisory database for Rust crates published through https://crates.io">
<title>RUSTSEC-2025-0009: ring: Some AES functions may panic when overflow checking is enabled. › RustSec Advisory Database</title>

<link href="//fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,300italic,400italic" rel="stylesheet">
<link href="/css/basic.css" rel="stylesheet">
<link href="/css/highlight.css" rel="stylesheet">
<link href="/css/index.css" rel="stylesheet">

<script src="/js/index.js" defer></script>
<script src="/js/search.js" defer></script>

<header>
<div class="header-top">
<h1><a href="/"><img class="logo-image" src="/img/rustsec-logo.svg" /></a></h1>

<div class="search">
<form onsubmit="return searchform();">
<input type="search" id="search-term"
placeholder="Look up package or ID..." required
size="20">
</form>
</div>

</div>
<nav>
<div>
<a href="/">About</a>
<a href="/advisories/">Advisories</a>
<a href="/contributing.html">Report Vulnerabilities</a>
</div>
<div>
<a href="https://rust-lang.zulipchat.com/login/#narrow/stream/146229-wg-secure-code/" title="Zulip" aria-label="Zulip"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" style="height:1em;fill:currentColor"><path d="M473.09 122.97c0 22.69-10.19 42.85-25.72 55.08L296.61 312.69c-2.8 2.4-6.44-1.47-4.42-4.7l55.3-110.72c1.55-3.1-.46-6.91-3.64-6.91H129.36c-33.22 0-60.4-30.32-60.4-67.37 0-37.06 27.18-67.37 60.4-67.37h283.33c33.22-.02 60.4 30.3 60.4 67.35zM129.36 506.05h283.33c33.22 0 60.4-30.32 60.4-67.37 0-37.06-27.18-67.37-60.4-67.37H198.2c-3.18 0-5.19-3.81-3.64-6.91l55.3-110.72c2.02-3.23-1.62-7.1-4.42-4.7L94.68 383.6c-15.53 12.22-25.72 32.39-25.72 55.08 0 37.05 27.18 67.37 60.4 67.37zm522.5-124.15l124.78-179.6v-1.56H663.52v-48.98h190.09v34.21L731.55 363.24v1.56h124.01v48.98h-203.7V381.9zm338.98-230.14V302.6c0 45.09 17.1 68.03 47.43 68.03 31.1 0 48.2-21.77 48.2-68.03V151.76h59.09V298.7c0 80.86-40.82 119.34-109.24 119.34-66.09 0-104.96-36.54-104.96-120.12V151.76h59.48zm244.91 0h59.48v212.25h104.18v49.76h-163.66V151.76zm297 0v262.01h-59.48V151.76h59.48zm90.18 3.5c18.27-3.11 43.93-5.44 80.08-5.44 36.54 0 62.59 7 80.08 20.99 16.72 13.22 27.99 34.99 27.99 60.64 0 25.66-8.55 47.43-24.1 62.2-20.21 19.05-50.15 27.6-85.13 27.6-7.77 0-14.77-.39-20.21-1.17v93.69h-58.7V155.26zm58.7 118.96c5.05 1.17 11.27 1.55 19.83 1.55 31.49 0 50.92-15.94 50.92-42.76 0-24.1-16.72-38.49-46.26-38.49-12.05 0-20.21 1.17-24.49 2.33v77.37z"/></svg></a>
<a href="https://twitter.com/RustSec/" title="Twitter" aria-label="Twitter"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" style="height:1em;fill:currentColor"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg></a>
<a href="https://github.com/RustSec/" title="GitHub" aria-label="GitHub"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512" style="height:1em;fill:currentColor"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg></a>
<a href="/feed.xml" title="Atom Feed" aria-label="Atom Feed"><svg xmlns="http://www.w3.org/2000/svg" style="height:1em" viewBox="0 0 8 8">
<style type="text/css">
.button {stroke: none; fill: currentColor;}
.symbol {stroke: none; fill-opacity=0;}
</style>
<rect class="button" width="8" height="8" rx="1.5" />
<circle class="symbol" cx="2" cy="6" r="1" />
<path class="symbol" d="m 1,4 a 3,3 0 0 1 3,3 h 1 a 4,4 0 0 0 -4,-4 z" />
<path class="symbol" d="m 1,2 a 5,5 0 0 1 5,5 h 1 a 6,6 0 0 0 -6,-6 z" />
</svg></a>
</div>
</nav>
</header>

<main class="advisory">
<article>

<span class="floating-menu">
<a href="https://github.com/RustSec/advisory-db/commits/main/crates/ring/RUSTSEC-2025-0009.md">History</a>
<a href="https://github.com/RustSec/advisory-db/edit/main/crates/ring/RUSTSEC-2025-0009.md">Edit</a>
<a href="https://api.osv.dev/v1/vulns/RUSTSEC-2025-0009">JSON (OSV)</a>
</span>


<header>
<h1>

RUSTSEC-2025-0009

</h1>
<span class="subtitle"><p>Some AES functions may panic when overflow checking is enabled.</p>
</span>
</header>



<dl>
<dt id="reported">Reported</dt>
<dd>
<time datetime="2025-03-06">
March 6, 2025
</time>
</dd>

<dt id="issued">Issued</dt>
<dd>
<time datetime="2025-03-06">
March 6, 2025
</time>

</dd>

<dt id="package">Package</dt>
<dd>


<a href="/packages/ring.html">ring</a>
(<a href="https://crates.io/crates/ring">crates.io</a>)


</dd>

<dt id="type">Type</dt>
<dd>

Vulnerability

</dd>


<dt id="categories">Categories</dt>
<dd>
<ul>

<li><a href="/categories/denial-of-service.html">denial-of-service</a></li>

</ul>
</dd>







<dt id="details">References</dt>
<dd>
<ul>

<li>
<a href="https://github.com/briansmith/ring/blob/main/RELEASES.md#version-01712-2025-03-05">
https://github.com/briansmith/ring/blob/main/RELEASES.md#version-01712-2025-03-05
</a>
</li>


</ul>
</dd>







<dt id="patched">Patched</dt>
<dd>

<ul>

<li><code>&gt;=0.17.12</code></li>

</ul>

</dd>





</dl>




<h3 id="description">Description</h3>
<p><code>ring::aead::quic::HeaderProtectionKey::new_mask()</code> may panic when overflow
checking is enabled. In the QUIC protocol, an attacker can induce this panic by
sending a specially-crafted packet. Even unintentionally it is likely to occur
in 1 out of every 2**32 packets sent and/or received.</p>
<p>On 64-bit targets operations using <code>ring::aead::{AES_128_GCM, AES_256_GCM}</code> may
panic when overflow checking is enabled, when encrypting/decrypting approximately
68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols
like TLS and SSH are not affected by this because those protocols break large
amounts of data into small chunks. Similarly, most applications will not
attempt to encrypt/decrypt 64GB of data in one chunk.</p>
<p>Overflow checking is not enabled in release mode by default, but
<code>RUSTFLAGS=&quot;-C overflow-checks&quot;</code> or <code>overflow-checks = true</code> in the Cargo.toml
profile can override this. Overflow checking is usually enabled by default in
debug mode.</p>


<p id="license" class="license">Advisory available under <a href="https://spdx.org/licenses/CC0-1.0.html">CC0-1.0</a>
license.


</p>
</article>
</main>
19 changes: 19 additions & 0 deletions advisories/index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,25 @@ <h1><a href="/"><img class="logo-image" src="/img/rustsec-logo.svg" /></a></h1>

<ul>

<li>
<time datetime="2025-03-06">
March 6, 2025
</time>


<h3>



<a href="/advisories/RUSTSEC-2025-0009.html">
RUSTSEC-2025-0009: Vulnerability in ring
</a>
</h3>
<span><p>Some AES functions may panic when overflow checking is enabled.</p>
</span>

</li>

<li>
<time datetime="2025-02-24">
February 24, 2025
Expand Down
19 changes: 19 additions & 0 deletions categories/denial-of-service.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,25 @@ <h1>Advisories in category &#x27;denial-of-service&#x27;</h1>

<ul>

<li>
<time datetime="2025-03-06">
March 6, 2025
</time>


<h3>



<a href="/advisories/RUSTSEC-2025-0009.html">
RUSTSEC-2025-0009: Vulnerability in ring
</a>
</h3>
<span><p>Some AES functions may panic when overflow checking is enabled.</p>
</span>

</li>

<li>
<time datetime="2024-12-04">
December 4, 2024
Expand Down
Loading

0 comments on commit 648c3ad

Please sign in to comment.