data/reports/GO-2025-3678.yaml - vulndb - Git at Google

 id: GO-2025-3678
 modules:
     - module: github.com/briansmith/ring
       vulnerable_at: 0.0.0-20250507214332-a041a759cf79
 summary: 'Ring: some aes functions may panic when overflow checking is enabled in ring in github.com/briansmith/ring'
 cves:
     - CVE-2025-4432
 references:
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-4432
     - fix: https://github.com/briansmith/ring/commit/ec2d3cf1d91f148c84e4806b4f0b3c98f6df3b38
     - fix: https://github.com/briansmith/ring/pull/2447
     - report: https://bugzilla.redhat.com/show_bug.cgi?id=2350655
     - web: https://access.redhat.com/security/cve/CVE-2025-4432
     - web: https://github.com/briansmith/ring
     - web: https://github.com/briansmith/ring/blob/main/RELEASES.md#version-01712-2025-03-05
     - web: https://rustsec.org/advisories/RUSTSEC-2025-0009.html
 source:
     id: CVE-2025-4432
     created: 2025-05-15T15:35:22.039989-04:00
 review_status: UNREVIEWED
	id: GO-2025-3678
	modules:
	- module: github.com/briansmith/ring
	vulnerable_at: 0.0.0-20250507214332-a041a759cf79
	summary: 'Ring: some aes functions may panic when overflow checking is enabled in ring in github.com/briansmith/ring'
	cves:
	- CVE-2025-4432
	references:
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-4432
	- fix: https://github.com/briansmith/ring/commit/ec2d3cf1d91f148c84e4806b4f0b3c98f6df3b38
	- fix: https://github.com/briansmith/ring/pull/2447
	- report: https://bugzilla.redhat.com/show_bug.cgi?id=2350655
	- web: https://access.redhat.com/security/cve/CVE-2025-4432
	- web: https://github.com/briansmith/ring
	- web: https://github.com/briansmith/ring/blob/main/RELEASES.md#version-01712-2025-03-05
	- web: https://rustsec.org/advisories/RUSTSEC-2025-0009.html
	source:
	id: CVE-2025-4432
	created: 2025-05-15T15:35:22.039989-04:00
	review_status: UNREVIEWED