CVE-2021-45696: 
Rust vulnerability analysis and mitigation

The sha2 crate version 0.9.7 for Rust contained a critical vulnerability (CVE-2021-45696) discovered in December 2021. The vulnerability affected the AVX2-accelerated backend, which was automatically enabled for x86/x86_64 CPUs with AVX2 support. When processing long messages that span multiple SHA blocks, the implementation would produce incorrect hash results (RustSec Advisory).

The issue was introduced in version 0.9.7 with a new AVX2-accelerated backend that was automatically enabled when AVX2 support was detected at runtime on x86/x86_64 CPUs. The vulnerability manifested when processing messages that spanned multiple SHA blocks, causing the hash computation to produce incorrect results. The severity of this issue is rated as CRITICAL with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability compromises the cryptographic integrity of the SHA-2 hash function when using the affected version. Any hashes computed using version 0.9.7 with the AVX2 backend may be incorrect, potentially impacting security-critical applications that rely on hash verification. Users who upgraded to v0.9.7 need to recompute any hashes that were previously calculated using this version (RustSec Advisory).

The vulnerability has been patched in version 0.9.8 of the sha2 crate. Users should immediately upgrade to version 0.9.8 or later. Additionally, any hashes that were computed using version 0.9.7 should be recomputed using the patched version to ensure their correctness (RustSec Advisory).