Reliance on Undefined, Unspecified, or Implementation-Defined Behavior Affecting keccak package, versions <0.1.6

Q: How to fix?

Upgrade keccak to version 0.1.6 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RUST-KECCAK-15325875
published23 Feb 2026
disclosed19 Feb 2026
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 19 Feb 2026

NewCWE-758 (opens in a new tab)

How to fix?

Upgrade keccak to version 0.1.6 or higher.

Overview

Affected versions of this package are vulnerable to Reliance on Undefined, Unspecified, or Implementation-Defined Behavior via the asm! block when the off-by-default asm feature is enabled on ARMv8 targets. An attacker can potentially cause memory safety issues or trigger undefined behavior by exploiting incorrect operand type specifications in the assembly block.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
High
Attack Requirements (AT)
Present
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
Low
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None