Описание
Duplicate Advisory: curve25519-dalek has timing variability in curve25519-dalek's Scalar29::sub/Scalar52::sub
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-x4gp-pqpj-f43q. This link is maintained to preserve external references.
Original Description
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.
Пакеты
Наименование
curve25519-dalek
rust
Затронутые версииВерсия исправления
< 4.1.3
4.1.3
2.9 Low
CVSS3
Дефекты
CWE-733
2.9 Low
CVSS3
Дефекты
CWE-733