
CVE-2025-4432: ring has some AES functions that may panic when overflow checking is enabled in

CVSS Score: 5.3 (CVSS v3.1)

Basic Information

EPSS Score: 0.34667%
Published: 5/9/2025
Updated: 5/9/2025
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Package Name: ring
Ecosystem: rust
Vulnerable Versions: < 0.17.13
First Patched Version: 0.17.13

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability description states that a panic may be triggered when overflow checking is enabled in some AES functions. The provided commit `ec2d3cf1d91f148c84e4806b4f0b3c98f6df3b38` directly addresses this issue. The patch modifies the `increment_by_less_safe` function of the `Counter` struct in `src/aead/aes.rs`. The change from `old_value + increment_by.get()` to `old_value.wrapping_add(increment_by.get())` shows that the standard `+` operator, which panics on overflow when overflow checks are enabled, was the source of the panic, and that `wrapping_add` (which wraps modulo 2^32 without panicking) was introduced as the mitigation. Therefore, `ring::aead::aes::Counter::increment_by_less_safe` is identified as the vulnerable function.
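As an added illustration (not ring's code), the following simplified counter model puts the pre-fix `+` and the patched `wrapping_add` side by side; the struct and method names mirror those in the analysis above, and the layout (a 16-byte block whose last four bytes hold a big-endian u32 block counter) is an assumption made for the example.

```rust
// Added example: simplified model of a counter block, NOT ring's implementation.
// Assumption: bytes 12..16 of the 16-byte block hold a big-endian u32 counter.
use std::num::NonZeroU32;

pub struct Counter([u8; 16]);

impl Counter {
    pub fn new(block: [u8; 16]) -> Self {
        Counter(block)
    }

    /// Read the big-endian u32 block counter stored in bytes 12..16.
    pub fn value(&self) -> u32 {
        u32::from_be_bytes(self.0[12..16].try_into().unwrap())
    }

    fn set(&mut self, v: u32) {
        self.0[12..16].copy_from_slice(&v.to_be_bytes());
    }

    /// Pre-fix shape: plain `+` panics on u32 overflow whenever the build has
    /// overflow checks enabled (the default for unoptimised/debug builds).
    pub fn increment_by_less_safe_vulnerable(&mut self, increment_by: NonZeroU32) {
        let old_value = self.value();
        let new_value = old_value + increment_by.get();
        self.set(new_value);
    }

    /// Patched shape: `wrapping_add` wraps modulo 2^32 and never panics.
    pub fn increment_by_less_safe(&mut self, increment_by: NonZeroU32) {
        let old_value = self.value();
        self.set(old_value.wrapping_add(increment_by.get()));
    }
}

fn main() {
    // Constructed input: a block whose counter already sits at u32::MAX.
    let mut block = [0u8; 16];
    block[12..16].copy_from_slice(&u32::MAX.to_be_bytes());

    let mut patched = Counter::new(block);
    patched.increment_by_less_safe(NonZeroU32::new(1).unwrap());
    println!("patched: wraps to {}", patched.value()); // prints 0

    // The pre-fix variant aborts the operation with a panic under overflow checks.
    let outcome = std::panic::catch_unwind(move || {
        let mut vulnerable = Counter::new(block);
        vulnerable.increment_by_less_safe_vulnerable(NonZeroU32::new(1).unwrap());
        vulnerable.value()
    });
    println!("vulnerable: {:?}", outcome.map_err(|_| "panicked (overflow checks on)"));
}
```

Run it with a release profile (overflow checks off by default) and the pre-fix variant silently wraps too, which is why the advisory ties the panic to overflow checking being enabled.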


WAF Protection Rules

WAF Rule

A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally i
