Intel

AIKIDO-2026-961456

miden-crypto is vulnerable to Sensitive Information Exposure

Sensitive Information Exposure Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 2 days ago

35

Low Risk

This Affects:

RUSTmiden-crypto
0.9.0 - 0.27.0
Fixed in 0.28.0
Are you affected? Scan for Free

TL;DR

Several secret-key deserialization paths in miden-crypto read raw key bytes into a transient local buffer that was not wiped before that buffer was dropped. The ECDSA over secp256k1 secret-key reader left its buffer un-wiped on the early error return when byte validation rejected the input, while the Falcon512 and Poseidon2 AEAD secret-key readers never wiped their read buffers on any path, and decoded Falcon coefficient buffers were also left in place. As a result raw secret-key material could linger in freed process memory after deserialization, widening the window for recovery through memory inspection, swap, or core dumps. The fix adds a read_sensitive_array helper that returns the buffer wrapped in zeroize::Zeroizing so it is wiped on drop regardless of the exit path, migrates the affected readers to it, and wraps the decoded Falcon coefficient buffers in Zeroizing.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and deserialize Falcon512, ECDSA-k256, or AEAD secret keys.

Background info

miden-crypto is vulnerable to Sensitive Information Exposure in versions 0.9.0 - 0.27.0.

How to fix this

Upgrade the miden-crypto library to the patch version.