CVE-2025-27498

aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The vulnerability is fixed in 0.4.3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GitHub_MCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rust-aes-gcm
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
jammy
dne
focal
dne
Common Weakness Enumeration
References
https://github.com/RustCrypto/AEADs/commit/d1d749ba57e38e65b0e037cd744d0b17f7254037
https://github.com/RustCrypto/AEADs/security/advisories/GHSA-r38m-44fw-h886