GHSA-G433-PQ76-6CMF: The Verification Theater: Breaking hpke-rs

Tags: #security #cve #cybersecurity #ghsa
The Verification Theater: Breaking hpke-rs

Vulnerability ID: GHSA-G433-PQ76-6CMF
CVSS Score: 9.8
Published: 2026-02-13

A collection of critical cryptographic failures in the hpke-rs library, ranging from RFC non-compliance (missing all-zero checks) to catastrophic nonce reuse via integer overflow. Despite being marketed as a high-assurance, formally verified library, it failed to implement basic safety checks required by RFC 9180.

TL;DR

The hpke-rs library, used for Hybrid Public Key Encryption, contained multiple critical flaws: it failed to validate X25519 shared secrets (allowing key compromise), used a 32-bit counter for nonces (leading to wrap-around and nonce reuse), and truncated KDF inputs. These issues allow for complete session compromise and plaintext recovery.
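The three mechanisms the advisory names (rejecting an all-zero X25519 shared secret, deriving the AEAD nonce from the sequence counter, and refusing to continue when the counter would overflow) as an added Rust example. This is not hpke-rs code; the names SendContext, check_x25519_shared_secret, compute_nonce and HpkeCheckError are hypothetical. It follows RFC 9180's ComputeNonce rule (base_nonce XOR I2OSP(seq, Nn), Nn = 12) and shows why a narrow counter is dangerous: once a u32 wraps, the nonce for sequence 0 is handed out again under the same key.

```rust
// Added example, not hpke-rs code. Demonstrates the RFC 9180 checks the
// advisory says were missing, using only the standard library.

/// X25519 shared secret length (RFC 7748, used by DHKEM in RFC 9180).
const X25519_SECRET_LEN: usize = 32;
/// Nonce length Nn for AES-GCM and ChaCha20-Poly1305 in RFC 9180.
const NN: usize = 12;

#[derive(Debug, PartialEq, Eq)]
pub enum HpkeCheckError {
    /// DH output was all zeros; RFC 9180 section 7.1.4 requires aborting.
    InvalidKey,
    /// The sequence counter cannot advance; no further messages may be sealed.
    MessageLimitReached,
}

/// RFC 9180 section 7.1.4: DH() for X25519 MUST fail on an all-zero result.
/// The OR-fold touches every byte, so the decision does not depend on the
/// position of the first non-zero byte.
pub fn check_x25519_shared_secret(
    dh: &[u8; X25519_SECRET_LEN],
) -> Result<(), HpkeCheckError> {
    let acc = dh.iter().fold(0u8, |acc, &b| acc | b);
    if acc == 0 {
        Err(HpkeCheckError::InvalidKey)
    } else {
        Ok(())
    }
}

/// RFC 9180 section 5.2 ComputeNonce: base_nonce XOR I2OSP(seq, Nn).
/// The 8-byte big-endian counter is right-aligned in the 12-byte nonce.
pub fn compute_nonce(base_nonce: &[u8; NN], seq: u64) -> [u8; NN] {
    let mut nonce = *base_nonce;
    let seq_bytes = seq.to_be_bytes();
    for (n, s) in nonce[NN - 8..].iter_mut().zip(seq_bytes.iter()) {
        *n ^= *s;
    }
    nonce
}

/// Minimal sender context with the post-fix counter width (hypothetical type).
pub struct SendContext {
    base_nonce: [u8; NN],
    seq: u64,
}

impl SendContext {
    pub fn new(base_nonce: [u8; NN]) -> Self {
        Self::at_seq(base_nonce, 0)
    }

    /// Constructor that starts at an arbitrary counter value, so the limit
    /// behaviour can be exercised without sealing 2^64 messages.
    pub fn at_seq(base_nonce: [u8; NN], seq: u64) -> Self {
        Self { base_nonce, seq }
    }

    /// Returns the nonce for the current message and advances the counter.
    /// checked_add turns a would-be wrap-around into an error: the nonce is
    /// not returned, so it can never be reused under this key.
    pub fn next_nonce(&mut self) -> Result<[u8; NN], HpkeCheckError> {
        let nonce = compute_nonce(&self.base_nonce, self.seq);
        self.seq = self
            .seq
            .checked_add(1)
            .ok_or(HpkeCheckError::MessageLimitReached)?;
        Ok(nonce)
    }
}

fn main() {
    // Constructed inputs for illustration only.
    println!("all-zero secret: {:?}", check_x25519_shared_secret(&[0u8; 32]));

    let base = [0xA5u8; NN];
    // A u32 counter that has wrapped lands back on sequence 0.
    let wrapped = u64::from(u32::MAX.wrapping_add(1));
    println!(
        "nonce reuse after u32 wrap: {}",
        compute_nonce(&base, wrapped) == compute_nonce(&base, 0)
    );

    let mut ctx = SendContext::at_seq(base, u64::MAX);
    println!("at u64::MAX: {:?}", ctx.next_nonce());
}
```

The ordering in next_nonce is deliberate: the counter is advanced before the nonce is released, so a failed checked_add leaves the caller with an error and no nonce, rather than a nonce whose sequence number can never be retired.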


⚠️ Exploit Status: POC

Technical Details

  • Attack Vector: Network
  • CVSS: 9.8
  • Complexity: Low
  • Privileges: None
  • Impact: Critical (Confidentiality & Integrity)
  • CWE IDs: CWE-327, CWE-190

Affected Systems

  • hpke-rs
  • hpke-rs-rust-crypto
  • hpke-rs-crypto
  • hpke-rs: < 0.6.0 (Fixed in: 0.6.0)

Code Analysis

Commit: 1c247b5

Added check for X25519 all-zero shared secret

+ if is_zero == 1 { return Err(HpkeError::InvalidKey); }
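Review bot: the hunk shows only the branch on `is_zero`, not how `is_zero` is computed, so it cannot be confirmed from this line that the check covers all 32 bytes of the shared secret without an early exit (an OR-fold over the bytes is the usual shape) or that it runs before the secret is fed to the KDF. Please include the lines that derive `is_zero` in the change, and add a unit test that passes an all-zero shared secret through the KEM path and expects `HpkeError::InvalidKey`.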

Commit: 3a82549

Updated sequence number to u64 and added checked_add

- seq: u32
+ seq: u64
+ self.seq.checked_add(1)
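Review bot: `self.seq.checked_add(1)` is shown without its `None` arm; the fix only holds if `None` becomes an error returned to the caller before any AEAD call consumes the nonce for that sequence number, rather than being unwrapped or discarded. Widening `seq` from `u32` to `u64` is also a layout change: confirm that every place that stores, serializes or compares the counter on both the sender and receiver contexts was updated, or the two sides will derive different nonces for the same message.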

Exploit Details

Mitigation Strategies

  • Upgrade to patched version
  • Input validation auditing
  • Dependency auditing

Remediation Steps:

  1. Update hpke-rs crate to version >= 0.6.0 in Cargo.toml.
  2. Run cargo update to pull the new version.
  3. Verify transitive dependencies using cargo tree to ensure no other crate is pulling in an older version of hpke-rs.
  4. Run cargo audit to confirm the vulnerability report is cleared.

Read the full report for GHSA-G433-PQ76-6CMF on our website for more details including interactive diagrams and full exploit analysis.