
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-435G-FCV3-8J26: High Assurance, Low Availability: The Libcrux Triple Threat


Vulnerability ID: GHSA-435G-FCV3-8J26
CVSS Score: 7.5
Published: 2026-02-12

In the world of cryptography, 'High Assurance' and 'Formally Verified' are the golden tickets. They promise mathematical certainty that code does exactly what it's supposed to do. But in February 2026, the libcrux library—a poster child for this movement—demonstrated that you can prove a theorem but still crash a server. This report details a trifecta of failures: a remotely triggerable Denial of Service via a Rust unwrap(), a cryptographic clamping error that rendered keys incompatible with the rest of the world, and a validation check so logically broken it rejected its own valid keys.

TL;DR

Libcrux, a high-assurance crypto library, suffered from three distinct flaws: 1) An unauthenticated remote DoS caused by panicking on failed decryption, 2) Incorrect Ed25519 key derivation (clamping the seed instead of the scalar), and 3) Broken X25519 validation logic. Patches were released in Feb 2026.


⚠️ Exploit Status: POC

Technical Details

  • CWE-248: Uncaught Exception (Panic)
  • CWE-326: Inadequate Encryption Strength (Entropy Loss)
  • CWE-20: Improper Input Validation
  • CVSS: 7.5 (High)
  • Attack Vector: Network (Unauthenticated)
  • Impact: Denial of Service & Interoperability Failure
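A worked model of the two derivation orders, added here as an example and not code from libcrux or the original report. It assumes the standard RFC 8032 seed expansion (SHA-512, then clamp the first 32 digest bytes); the clamp-then-hash function is a model of the pre-patch order the commit message describes, not the library's actual code. It shows why that order loses entropy: seeds that differ only in a bit the clamp clears collapse to the same key.

```python
import hashlib

# Seed and scalar are 32 bytes, little-endian, as in RFC 8032 section 5.1.5.
SEED_LEN = 32


def clamp(b: bytes) -> bytes:
    """RFC 8032 clamping: clear the 3 low bits, clear bit 255, set bit 254."""
    s = bytearray(b)
    s[0] &= 248
    s[31] &= 127
    s[31] |= 64
    return bytes(s)


def scalar_rfc8032(seed: bytes) -> bytes:
    """Correct order: SHA-512 the seed, then clamp the first 32 digest bytes."""
    assert len(seed) == SEED_LEN
    return clamp(hashlib.sha512(seed).digest()[:32])


def scalar_clamp_then_hash(seed: bytes) -> bytes:
    """Model (assumed, not libcrux code) of the pre-patch order the report
    describes: clamp the seed, hash it, use the digest bytes as the scalar."""
    assert len(seed) == SEED_LEN
    return hashlib.sha512(clamp(seed)).digest()[:32]


def is_clamped(s: bytes) -> bool:
    """Check the invariant every RFC 8032 private scalar must satisfy."""
    return s[0] & 7 == 0 and s[31] & 128 == 0 and s[31] & 64 != 0


def flip_low_bit(seed: bytes) -> bytes:
    """Return a seed that differs only in a bit the clamp would clear."""
    b = bytearray(seed)
    b[0] ^= 1
    return bytes(b)


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed sample seed, not a real key
    seed2 = flip_low_bit(seed)
    print("RFC 8032 scalar clamped:", is_clamped(scalar_rfc8032(seed)))
    print("RFC 8032: distinct seeds give distinct keys:",
          scalar_rfc8032(seed) != scalar_rfc8032(seed2))
    # Clamp-then-hash: the two distinct seeds collapse to one key.
    print("clamp-then-hash: distinct seeds collide:",
          scalar_clamp_then_hash(seed) == scalar_clamp_then_hash(seed2))
```

Because the clamp fixes five bits of the seed before hashing, only 2^251 of the 2^256 possible seeds produce distinct keys under the wrong order, and the resulting scalar is not guaranteed to satisfy the clamp invariant that interoperable Ed25519 implementations expect.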

Affected Systems

  • Rust applications using libcrux-ed25519
  • Rust applications using libcrux-ecdh
  • Rust applications using libcrux-psq
  • Systems relying on high-assurance implementations of Noise or MLS using these crates
  • libcrux-ed25519: < Feb 2026 Patch (Fixed in: Commit 4d6f5d3)
  • libcrux-psq: < Feb 2026 Patch (Fixed in: Commit f303b64)

Code Analysis

Commit: 4d6f5d3

Fix incorrect clamping order in Ed25519 key generation

- clamp(seed); hash(seed); 
+ hash(seed); clamp(scalar);
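Review bot: the `-` line clamps the 32-byte seed before it is hashed, which both discards seed entropy (the three low bits and the top bit are fixed before SHA-512 runs, so seeds differing only in those bits derive the same key) and leaves the hashed output itself unclamped, which is why the resulting keys diverge from RFC 8032; the `+` line restores the RFC order, hash first and clamp the 32-byte scalar taken from the digest. Worth pairing with a known-answer test against an RFC 8032 test vector so the ordering cannot regress silently.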

Commit: f303b64

Remove unwrap() on AEAD decryption to prevent panic DoS

- .unwrap()
+ .map_err(...)?
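Review bot: `.map_err(...)?` turns the panic into a propagated error, but the elided mapping should collapse every decryption failure into one opaque error value so the peer learns nothing from which failure occurred, and the enclosing function's signature must now return `Result`. The same decrypt path should be audited for any remaining `unwrap()` or `expect()` on peer-supplied data; enabling the `clippy::unwrap_used` lint in CI would flag those at build time.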

Exploit Details

  • GitHub: Analysis and PoC by Symbolic Software

Mitigation Strategies

  • Update libcrux ecosystem crates immediately.
  • Regenerate any Ed25519 keys created with affected versions to ensure RFC 8032 compliance.
  • Implement panic-recovery handlers in Rust web servers (though this doesn't fix the root cause, it prevents total process death).

Remediation Steps:

  1. Check Cargo.toml for libcrux-ecdh, libcrux-ed25519, or libcrux-psq.
  2. Update versions to >= 0.0.6 (check crates.io for specific patched version releases).
  3. Run cargo audit to verify the advisory is resolved.
  4. Deploy the new binary.

References


Read the full report for GHSA-435G-FCV3-8J26 on our website for more details including interactive diagrams and full exploit analysis.
