GHSA-g433-pq76-6cmf
Rust vulnerability analysis and mitigation

We publish a GitHub security advisory for any releases whose CHANGELOG includes bug-fixes, and encourage our users to upgrade. The latest releases of the hpke-rs and hpke-rs-rust-crypto crates contain the following bug-fixes:

hpke-rs

  • #127: Fix KemAlgorithm::TryFrom<u16> mapping where 0x004D incorrectly resolved to XWingDraft06 instead of XWingDraft06Obsolete.
  • #123: Fix potential overflow in context counter and switch to use u64.
  • #128: Return errors when trying to use open/seal with export only ciphersuite and when using kdf export with an output that's too long (instead of truncating it).

The issue fixed in #123 was first reported by Nadim Kobeissi. The issues fixed in #127 and #128 were first reported by Scott Arciszewski.
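
The fixes in #123 and #128 both turn a silent failure into an error. The Rust sketch below is an added example, not code from hpke-rs: it follows the nonce and sequence-counter rules of RFC 9180 with a `u64` counter. The names `Context`, `HpkeError`, `next_nonce` and `check_export_len` and the HKDF-SHA256 output size are assumptions made for illustration.

```rust
// Added illustration; not code from hpke-rs. All names are hypothetical.
const NN: usize = 12; // AEAD nonce length (Nn) for the RFC 9180 AEADs
const NH: usize = 32; // KDF output length (Nh), assuming HKDF-SHA256

#[derive(Debug, PartialEq)]
enum HpkeError { MessageLimitReached, ExportTooLong }

struct Context { base_nonce: [u8; NN], seq: u64 }

impl Context {
    // RFC 9180 ComputeNonce: base_nonce XOR I2OSP(seq, Nn).
    fn compute_nonce(&self) -> [u8; NN] {
        let mut nonce = self.base_nonce;
        let seq = self.seq.to_be_bytes();
        // The 8 counter bytes land in the low-order end of the nonce.
        for (n, s) in nonce[NN - 8..].iter_mut().zip(seq.iter()) {
            *n ^= *s;
        }
        nonce
    }

    // Return the nonce for the current message, then advance the counter.
    // checked_add turns a wrap-around into an error, so a (key, nonce)
    // pair can never be handed out twice.
    fn next_nonce(&mut self) -> Result<[u8; NN], HpkeError> {
        let next = self.seq.checked_add(1).ok_or(HpkeError::MessageLimitReached)?;
        let nonce = self.compute_nonce();
        self.seq = next;
        Ok(nonce)
    }
}

// HKDF-Expand yields at most 255 * Nh bytes. Reject longer requests
// instead of returning less key material than the caller asked for.
fn check_export_len(len: usize) -> Result<usize, HpkeError> {
    if len > 255 * NH { Err(HpkeError::ExportTooLong) } else { Ok(len) }
}

fn main() {
    // Constructed sample state: a context one message away from its limit.
    let mut ctx = Context { base_nonce: [0xAA; NN], seq: u64::MAX - 1 };
    println!("{:02x?}", ctx.next_nonce());
    println!("{:?}", ctx.next_nonce());
    println!("{:?}", check_export_len(255 * NH + 1));
}
```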

hpke-rs-rust-crypto

  • #124: Error out on x25519 0 keys.

The issue fixed in #124 was first reported by Nadim Kobeissi.

Source: NVD

Related Rust vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| GHSA-fxc9-7j2w-vx54 | CRITICAL | 9.3 | Rust | mpp | No | Yes | Mar 29, 2026 |
| CVE-2026-34202 | CRITICAL | 9.2 | Rust | zebra-chain | No | Yes | Mar 27, 2026 |
| CVE-2026-34377 | HIGH | 8.4 | Rust | zebrad | No | Yes | Mar 30, 2026 |
| CVE-2026-34219 | HIGH | 8.2 | Rust | libp2p-gossipsub | No | Yes | Mar 30, 2026 |
| RUSTSEC-2026-0078 | N/A | N/A | Rust | intaglio | No | Yes | Mar 30, 2026 |
