*ring* AES-CTR may panic when overflow checking is enabled.

briansmith · briansmith · commit b62b4c32bf60 · 2025-03-06T11:58:35.000-08:00
diff --git a/crates/ring/RUSTSEC-0000-0000.md b/crates/ring/RUSTSEC-0000-0000.md
@@ -0,0 +1,29 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "ring"
+date = "2025-03-06"
+url = "https://github.com/briansmith/ring/blob/main/RELEASES.md#version-01712-2025-03-05"
+categories = ["denial-of-service"]
+
+[versions]
+patched = [">= 0.17.12"]
+unaffected = []
+```
+
+# Some AES functions may panic when overflow checking is enabled.
+
+`ring::aead::quic::HeaderProtectionKey::new_mask()` may panic when overflow
+checking is enabled.
+
+On 64-bit targets in `ring::aead::{AES_128_GCM, AES_256_GCM}` may panic when
+overflow checking is enabled, when encrypting/decrypting approximately
+68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols
+like TLS and SSH are not affected by this because those protocols break large
+amounts of data into small chunks. Similarly, most applications will not
+attempt to encrypt/decrypt 64GB of data in one chunk.
+
+Overflow checking is not enabled in release mode by default, but
+`RUSTFLAGS="-C overflow-checks"` or `overflow-checks = true` in the Cargo.toml
+profile can override this. Overflow checking is usually enabled by default in
+debug mode.
