@alon710
Created February 13, 2026 20:40
GHSA-G433-PQ76-6CMF: The Verification Theater: Breaking hpke-rs

CVSS Score: 9.8
Published: 2026-02-13
Full Report: https://cvereports.com/reports/GHSA-G433-PQ76-6CMF

Summary

Multiple critical cryptographic failures in the hpke-rs library, ranging from RFC 9180 non-compliance (the all-zero check on the X25519 Diffie-Hellman output required by RFC 9180 §7.1.4 is missing) to nonce reuse caused by a sequence counter that wraps around (CWE-190). Despite being presented as a high-assurance, formally verified library, it omitted basic safety checks that RFC 9180 mandates.

TL;DR

hpke-rs, a Rust implementation of Hybrid Public Key Encryption (RFC 9180), contained multiple critical flaws: it did not reject an all-zero X25519 shared secret, so a low-order peer public key forces a Diffie-Hellman output the attacker already knows; it tracked the AEAD sequence number in a 32-bit counter, which wraps to zero after 2^32 messages and repeats nonces under the same key (for both AEADs RFC 9180 registers, AES-GCM and ChaCha20-Poly1305, nonce reuse leaks the XOR of the two plaintexts and breaks authentication); and it truncated inputs to the KDF. Together these allow complete session compromise and plaintext recovery.
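The two checks described above, written out as an added example that is not hpke-rs code and uses no crate API: the RFC 9180 §7.1.4 all-zero test on the X25519 output, and the §5.2 nonce derivation with the sequence-number limit, placed beside the 32-bit-counter shape that wraps. The type and function names (`WrappingContext`, `Context`, `compute_nonce`, `check_dh_output`) are this example's own, and the base nonce is a constructed value, not an RFC test vector.

```rust
// Added example (not hpke-rs code, no crate API): the two RFC 9180 checks the
// report says were missing, written from the RFC text.
//  * s7.1.4: for X25519/X448 the DH output MUST be rejected if it is all zero
//    (a low-order peer public key forces exactly that output).
//  * s5.2: nonce = base_nonce XOR I2OSP(seq, Nn); Seal/Open MUST fail with
//    MessageLimitReachedError before seq reaches 2^(8*Nn) - 1.  A 32-bit
//    counter instead wraps to 0 and repeats every nonce under the same key.

/// Nn for AES-GCM and ChaCha20-Poly1305, the AEADs RFC 9180 registers.
pub const NN: usize = 12;

/// RFC 9180 s7.1.4 / RFC 7748 s6: reject an all-zero X25519 shared secret.
/// OR-folding all 32 bytes avoids a short-circuit on the first non-zero byte.
pub fn check_dh_output(dh: &[u8; 32]) -> Result<(), &'static str> {
    if dh.iter().fold(0u8, |acc, &b| acc | b) == 0 {
        Err("all-zero DH output: peer public key is low order")
    } else {
        Ok(())
    }
}

/// ComputeNonce(seq) = base_nonce XOR I2OSP(seq, Nn).  seq is a u128 so the
/// full 96-bit range fits; I2OSP(seq, 12) is the low 12 big-endian bytes.
pub fn compute_nonce(base_nonce: &[u8; NN], seq: u128) -> [u8; NN] {
    let seq_be = seq.to_be_bytes();
    let mut nonce = *base_nonce;
    for (n, s) in nonce.iter_mut().zip(&seq_be[16 - NN..]) {
        *n ^= *s;
    }
    nonce
}

/// Vulnerable shape: a counter too narrow for the 96-bit nonce field.
pub struct WrappingContext { base_nonce: [u8; NN], seq: u32 }

impl WrappingContext {
    pub fn new(base_nonce: [u8; NN]) -> Self { Self { base_nonce, seq: 0 } }
    /// After 2^32 messages `seq` is 0 again and the message-0 nonce is reused.
    pub fn next_nonce(&mut self) -> [u8; NN] {
        let nonce = compute_nonce(&self.base_nonce, u128::from(self.seq));
        self.seq = self.seq.wrapping_add(1);
        nonce
    }
    /// Jump the counter forward (avoids four billion calls in the demo).
    pub fn set_seq(&mut self, seq: u32) { self.seq = seq; }
}

/// Compliant shape: wide counter plus the IncrementSeq limit check.
pub struct Context { base_nonce: [u8; NN], seq: u128 }

impl Context {
    /// (1 << (8 * Nn)) - 1: seq values at or above this are refused.
    pub const SEQ_LIMIT: u128 = (1u128 << (8 * NN)) - 1;

    pub fn new(base_nonce: [u8; NN]) -> Self { Self { base_nonce, seq: 0 } }
    /// RFC 9180 s5.2 IncrementSeq: `if seq >= (1 << (8*Nn)) - 1: raise`.
    pub fn next_nonce(&mut self) -> Result<[u8; NN], &'static str> {
        if self.seq >= Self::SEQ_LIMIT {
            return Err("MessageLimitReachedError");
        }
        let nonce = compute_nonce(&self.base_nonce, self.seq);
        self.seq += 1;
        Ok(nonce)
    }
    pub fn set_seq(&mut self, seq: u128) { self.seq = seq; }
}

/// The wrap: the nonce issued right after message 0xFFFF_FFFF equals the
/// nonce of message 0.  Returns true when that reuse is observed.
pub fn u32_counter_reuses_nonce(base_nonce: [u8; NN]) -> bool {
    let mut ctx = WrappingContext::new(base_nonce);
    let first = ctx.next_nonce();
    ctx.set_seq(u32::MAX);
    let _last_distinct = ctx.next_nonce(); // message 2^32 - 1; counter wraps to 0
    ctx.next_nonce() == first
}

/// The fix: seq 2^32 still yields a fresh nonce, and the context errors at
/// the RFC bound instead of wrapping.
pub fn compliant_counter_holds(base_nonce: [u8; NN]) -> bool {
    let mut ctx = Context::new(base_nonce);
    let first = ctx.next_nonce().unwrap();
    ctx.set_seq(1u128 << 32);
    let after_2_32 = ctx.next_nonce().unwrap();
    ctx.set_seq(Context::SEQ_LIMIT);
    after_2_32 != first && ctx.next_nonce().is_err()
}

fn main() {
    let base_nonce: [u8; NN] = [0x4e; NN]; // constructed, not an RFC vector
    println!("all-zero DH output rejected: {}", check_dh_output(&[0u8; 32]).is_err());
    println!("u32 counter reuses nonce:    {}", u32_counter_reuses_nonce(base_nonce));
    println!("compliant counter holds:     {}", compliant_counter_holds(base_nonce));
}
```

The point to take from running it: `WrappingContext::next_nonce` silently hands back the message-0 nonce again after 2^32 calls, while `Context::next_nonce` returns `MessageLimitReachedError` at the RFC bound and otherwise never repeats. The all-zero check covers the DH output only; RFC 9180 §7.1.4 also points to RFC 7748 for validating the public key itself.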

Exploit Status: PoC (proof of concept)

Technical Details

  • Attack Vector: Network
  • CVSS: 9.8
  • Complexity: Low
  • Privileges: None
  • Impact: Critical (Confidentiality & Integrity)
  • CWE IDs: CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), CWE-190 (Integer Overflow or Wraparound)

Affected Systems

  • hpke-rs: < 0.6.0 (fixed in 0.6.0)
  • hpke-rs-rust-crypto (no fixed version given)
  • hpke-rs-crypto (no fixed version given)

Mitigation

  • Upgrade to the patched version (hpke-rs 0.6.0 or later)
  • Audit input and output validation in any code that wraps the KEM: deserialized public keys and Diffie-Hellman outputs must be checked as RFC 9180 §7.1.4 requires
  • Audit dependencies for transitive copies of the affected crates

Remediation Steps:

  1. Update the hpke-rs requirement to version >= 0.6.0 in Cargo.toml.
  2. Run cargo update (or cargo update -p hpke-rs to leave other crates untouched) to pull the new version into Cargo.lock.
  3. Verify transitive dependencies with cargo tree (cargo tree -i hpke-rs shows which crates depend on it) to ensure no other crate is still pulling in an older version of hpke-rs.
  4. Run cargo audit to confirm the advisory no longer matches the lockfile.
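The four steps above as an added script, not part of the advisory: it reads Cargo.lock, which is what a build actually resolves, and reports every resolved copy of `hpke-rs` below 0.6.0, since one lockfile can carry two versions of a crate at once (the situation step 3's `cargo tree` check is meant to surface). The function names, the `FIXED_IN` constant and the sample lockfile with its version numbers are constructed for this example; the companion crates `hpke-rs-crypto` and `hpke-rs-rust-crypto` are only listed for review because the report gives no fixed version for them.

```shell
#!/bin/sh
# Added example, not from the advisory: report every resolved copy of hpke-rs
# in a Cargo.lock that is below the fixed version. Cargo.lock is what a build
# actually uses, and one lockfile can resolve the same crate at two versions
# (which is what the `cargo tree` step is meant to surface).
# Function names, FIXED_IN and the sample lockfile are constructed here.

FIXED_IN="0.6.0"   # from the advisory: hpke-rs < 0.6.0 affected, fixed in 0.6.0

# version_lt A B: exit 0 when A < B under semver ordering of major.minor.patch.
# A pre-release (0.6.0-rc.1) sorts below the plain release; build metadata
# (+...) is ignored, as semver says.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        pre_a = (a ~ /-/); pre_b = (b ~ /-/)
        sub(/[-+].*$/, "", a); sub(/[-+].*$/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            va = (i <= na) ? x[i] + 0 : 0
            vb = (i <= nb) ? y[i] + 0 : 0
            if (va < vb) exit 0
            if (va > vb) exit 1
        }
        exit (pre_a && !pre_b) ? 0 : 1
    }'
}

# hpke_packages FILE: print "name:version" for every [[package]] block whose
# name starts with hpke-rs. Only line-initial `name = ` / `version = ` keys
# are read, so entries inside `dependencies = [ ... ]` lists are not matched.
hpke_packages() {
    awk '
        function flush() { if (name ~ /^hpke-rs/) printf "%s:%s\n", name, ver }
        /^\[\[package\]\]/ { flush(); name = ""; ver = "" }
        /^name = /         { gsub(/"/, "", $3); name = $3 }
        /^version = /      { gsub(/"/, "", $3); ver = $3 }
        END                { flush() }
    ' "$1"
}

# scan_lock FILE: one line per hpke-rs* package. Returns 1 if any copy of
# hpke-rs is below FIXED_IN. The advisory lists hpke-rs-crypto and
# hpke-rs-rust-crypto as affected but gives no fixed version for them, so
# those are printed as REVIEW rather than judged.
scan_lock() {
    status=0
    for entry in $(hpke_packages "$1"); do
        name=${entry%%:*}
        ver=${entry#*:}
        case "$name" in
            hpke-rs)
                if version_lt "$ver" "$FIXED_IN"; then
                    printf 'VULNERABLE %s %s (< %s)\n' "$name" "$ver" "$FIXED_IN"
                    status=1
                else
                    printf 'OK %s %s\n' "$name" "$ver"
                fi ;;
            *)
                printf 'REVIEW %s %s (no fixed version given)\n' "$name" "$ver" ;;
        esac
    done
    return $status
}

# write_sample_lock FILE: constructed Cargo.lock with a duplicate resolution
# of hpke-rs; the version numbers are illustrative, not taken from any project.
write_sample_lock() {
    cat > "$1" <<'EOF'
version = 3

[[package]]
name = "hpke-rs"
version = "0.5.1"
dependencies = [
 "hpke-rs-crypto",
]

[[package]]
name = "hpke-rs"
version = "0.6.0"

[[package]]
name = "hpke-rs-crypto"
version = "0.5.1"

[[package]]
name = "serde"
version = "1.0.200"
EOF
}

# Usage: point scan_lock at the real Cargo.lock after `cargo update -p hpke-rs`.
sample=$(mktemp)
write_sample_lock "$sample"
if scan_lock "$sample"; then echo "clean"; else echo "action needed"; fi
rm -f "$sample"
```

A non-zero exit from `scan_lock` is the signal to wire into CI; `cargo audit` in step 4 gives the same answer only once the advisory is in the database it consults, whereas this check pins the threshold the report states directly.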


Generated by CVEReports - Automated Vulnerability Intelligence
