CVE-2025-27498
Severity CVSS v4.0: MEDIUM
Type: Unavailable / Other
Publication date: 03/03/2025
Last modified: 03/03/2025
Description
aes-gcm is a pure Rust implementation of AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, a failed tag verification causes an error to be returned with the plaintext contents still in the buffer. The vulnerability is fixed in 0.4.3.
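The failure mode described above, as an added example that is not the crate's code: a toy in-place cipher (constructed keystream and checksum, not AES-GCM and not secure) whose decrypt routine returns an error with plaintext still in the caller's buffer, next to a variant that wipes the buffer before returning. The names decrypt_leaky, decrypt_hardened, xor_keystream and toy_tag are hypothetical, and wiping on failure is an assumed mitigation, not a statement of how 0.4.3 fixes it.

```rust
// Toy cipher for illustration only: NOT AES-GCM and NOT secure.
fn xor_keystream(key: u64, nonce: u64, buf: &mut [u8]) {
    for (i, b) in buf.iter_mut().enumerate() {
        let mut x = key ^ nonce.rotate_left(17) ^ (i as u64).wrapping_mul(0x9E37_79B9_7F4A_7C15);
        x ^= x >> 29;
        x = x.wrapping_mul(0xBF58_476D_1CE4_E5B9);
        *b ^= (x >> 32) as u8;
    }
}

// Toy keyed checksum over the ciphertext, standing in for the AEAD tag.
fn toy_tag(key: u64, nonce: u64, ct: &[u8]) -> u64 {
    ct.iter().fold(key ^ nonce, |acc, &b| (acc ^ b as u64).wrapping_mul(0x100_0000_01B3))
}

fn encrypt_in_place_detached(key: u64, nonce: u64, buf: &mut [u8]) -> u64 {
    xor_keystream(key, nonce, buf);
    toy_tag(key, nonce, buf)
}

// Pattern from the description: the buffer is decrypted in place, the tag
// check fails, and Err is returned with the plaintext still in `buf`.
fn decrypt_leaky(key: u64, nonce: u64, buf: &mut [u8], tag: u64) -> Result<(), ()> {
    let expected = toy_tag(key, nonce, buf);
    xor_keystream(key, nonce, buf);
    if expected == tag { Ok(()) } else { Err(()) } // real code compares in constant time
}

// Hardened variant: same flow, but unverified plaintext is wiped before Err.
fn decrypt_hardened(key: u64, nonce: u64, buf: &mut [u8], tag: u64) -> Result<(), ()> {
    let expected = toy_tag(key, nonce, buf);
    xor_keystream(key, nonce, buf);
    if expected == tag {
        return Ok(());
    }
    buf.iter_mut().for_each(|b| *b = 0);
    Err(())
}

fn main() {
    let (key, nonce) = (0x0123_4567_89AB_CDEF, 42); // constructed sample values
    let mut ct = b"constructed sample plaintext".to_vec();
    let bad_tag = encrypt_in_place_detached(key, nonce, &mut ct) ^ 1; // forged tag
    let (mut a, mut b) = (ct.clone(), ct.clone());
    let _ = decrypt_leaky(key, nonce, &mut a, bad_tag);
    let _ = decrypt_hardened(key, nonce, &mut b, bad_tag);
    println!("leaky buffer after Err:    {:?}", String::from_utf8_lossy(&a));
    println!("hardened buffer after Err: {:?}", b);
}
```

A caller that ignores or mishandles the Err from the leaky variant ends up processing unauthenticated plaintext, which is the exposure the description refers to.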
Impact
Base Score 4.0: 5.60
Severity 4.0: MEDIUM