Описание
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| rust-curve25519-dalek | fixed | 4.1.3+20240618+dfsg-1 | package |
Примечания
https://rustsec.org/advisories/RUSTSEC-2024-0344.html
https://github.com/dalek-cryptography/curve25519-dalek/pull/659
Связанные уязвимости
CVSS3: 2.9
ubuntu
5 месяцев назад
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.
CVSS3: 2.9
redhat
5 месяцев назад
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.
CVSS3: 2.9
nvd
5 месяцев назад
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.
github
больше 1 года назад
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`