GHSA-7jjx-3qw9-j6h6

Опубликовано: 12 нояб. 2024

Источник: github

Github: Прошло ревью

CVSS4: 2.7

Описание

cggmp21-keygen has ambiguous challenge derivation

Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead to security vulnerability (however, it's unknown if it could be exploited).

Ссылки

https://github.com/dfns/cggmp21/pull/103
https://rustsec.org/advisories/RUSTSEC-2024-0392.html

Пакеты

Наименование

cggmp21-keygen

rust

Затронутые версииВерсия исправления

< 0.3.0

0.3.0

2.7 Low

CVSS4

Дефекты

CWE-327

2.7 Low

CVSS4

Дефекты

CWE-327