In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue…
mitre·CWE-195·Published 2025-12-14
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
The `aes_key_unwrap` function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value would be interpreted as a huge allocation. The allocator would then fail to allocate the memory and panic. An attacker could trigger this panic by sending a victim an encrypted message whose PKESK or SKESK packet has been specially modified. When the victim decrypts the message, the program would crash.
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 5.3 | — | — | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
| 3.1 | Secondary | GHSA | 5.3 | — | — | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
| 3.1 | Secondary | NVD | 5.3 | 1.6 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |