Apple Swift Crypto X-Wing HPKE Decapsulation Out-of-Bounds Read Vulnerability
Vulnerability
A remote attacker can exploit Apple Swift Crypto versions 4.0.0 through 4.3.0 by supplying a short X-Wing HPKE encapsulated key. The short input triggers an out-of-bounds read during C decapsulation, which can lead to a crash or memory disclosure, depending on the runtime protections in place. The root cause is that the decapsulation function does not validate the length of the encapsulated data before passing it to a C API that expects a fixed-size buffer.
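The missing length check, sketched in C as an added example (this is not Swift Crypto's code). `fixed_size_decap` is a hypothetical stand-in for a C routine that reads a fixed-size buffer, and 1120 bytes is the required encapsulated-key length this advisory states.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define XWING_ENC_LEN     1120u /* required encapsulated-key length (from the advisory) */
#define SHARED_SECRET_LEN 32u   /* X-Wing shared-secret size */

enum decap_status { DECAP_OK = 0, DECAP_BAD_LENGTH = -1, DECAP_BAD_ARG = -2 };

/* Hypothetical stand-in for a fixed-size C API: it receives only a pointer
 * and unconditionally reads XWING_ENC_LEN bytes from it. This is not real
 * decapsulation; it folds the input into 32 bytes so the read is observable. */
static void fixed_size_decap(uint8_t *out, const uint8_t *enc)
{
    memset(out, 0, SHARED_SECRET_LEN);
    for (size_t i = 0; i < XWING_ENC_LEN; i++)
        out[i % SHARED_SECRET_LEN] ^= enc[i];
}

/* Hardened wrapper: the caller-supplied length must equal the fixed size
 * before the pointer is handed to the fixed-size routine. Exact equality
 * also rejects oversized input, which would otherwise be silently truncated. */
int checked_decap(uint8_t *out, const uint8_t *enc, size_t enc_len)
{
    if (out == NULL || enc == NULL)
        return DECAP_BAD_ARG;
    if (enc_len != XWING_ENC_LEN)
        return DECAP_BAD_LENGTH; /* a one-byte key stops here */
    fixed_size_decap(out, enc);
    return DECAP_OK;
}

int main(void)
{
    uint8_t out[SHARED_SECRET_LEN];
    const uint8_t one_byte[1] = { 0x00 }; /* constructed malformed input */
    /* Exit status 0 means the malformed key was rejected before any read. */
    return checked_decap(out, one_byte, sizeof one_byte) == DECAP_BAD_LENGTH ? 0 : 1;
}
```

Without the equality check in `checked_decap`, the one-byte input would reach a routine that reads 1119 bytes past the end of the caller's buffer.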
Impact
Exploitation of this vulnerability causes an out-of-bounds read, leading to a memory-safety violation. This can result in a crash or unauthorized memory disclosure, depending on the application's runtime protections.
Reproduction
The vulnerability can be reproduced by initializing an 'HPKE.Recipient' with a malformed encapsulated key that is only one byte long, instead of the required 1120 bytes. This can be done by creating a test case that passes the short key to the recipient initialization. The short key is then decapsulated using the vulnerable C API, causing an out-of-bounds read.
Remediation
Users can upgrade to Swift Crypto version 4.3.1 to address this vulnerability.
