Use of a Broken or Risky Cryptographic Algorithm Affecting libcrux-intrinsics package, versions >=0.0.3 <0.0.4

Q: How to fix?

Upgrade libcrux-intrinsics to version 0.0.4 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RUST-LIBCRUXINTRINSICS-14192427
published5 Dec 2025
disclosed4 Dec 2025
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 4 Dec 2025

NewCWE-200 (opens in a new tab) CWE-327 (opens in a new tab)

How to fix?

Upgrade libcrux-intrinsics to version 0.0.4 or higher.

Overview

libcrux-intrinsics is a formally verified cryptographic library in Rust.

Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm on platforms without the core::arch::aarch64::vxarq_u64 intrinsic. An attacker can obtain incorrect cryptographic outputs, such as corrupted digests, invalid signatures, or incorrect shared secrets, by leveraging the faulty fallback implementation.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
Low
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None