GHSA-g693-v3jr-8hcr

Опубликовано: 28 июл. 2025

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Duplicate Advisory: ed25519-dalek Double Public Key Signing Function Oracle Attack

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references.

Original Description

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-50237
https://crates.io/crates/ed25519-dalek
https://github.com/MystenLabs/ed25519-unsafe-libs
https://rustsec.org/advisories/RUSTSEC-2022-0093.html

Пакеты

Наименование

ed25519-dalek

rust

Затронутые версииВерсия исправления

< 2.0.0

2.0.0

5.9 Medium

CVSS3

Дефекты

CWE-497

5.9 Medium

CVSS3

Дефекты

CWE-497