Description
libsecp256k1 contains side-channel timing attack
Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::check_overflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::check_overflow to execute in constant time.
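The difference between a variable-time and a constant-time overflow check, as an added example that is not the libsecp256k1 crate's own code. It assumes a scalar stored as eight 32-bit limbs, least significant first, and the function names are hypothetical; each function also returns how many limbs it processed so the data dependence is visible without timing anything.

```rust
// Added example, not the crate's code. The limb layout is an assumption.
// secp256k1 group order n as eight 32-bit limbs, least significant first.
const N: [u32; 8] = [
    0xD0364141, 0xBFD25E8C, 0xAF48A03B, 0xBAAEDCE6,
    0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
];

/// Variable-time check for x >= n. Returns (overflow, limbs compared).
/// The early returns make the amount of work depend on the secret value.
pub fn overflow_vartime(x: &[u32; 8]) -> (bool, usize) {
    for (steps, i) in (0..8).rev().enumerate() {
        if x[i] < N[i] {
            return (false, steps + 1);
        }
        if x[i] > N[i] {
            return (true, steps + 1);
        }
    }
    (true, 8) // x == n
}

/// Constant-time style check for x >= n: subtract n limb by limb and keep
/// only the borrow. Every limb is processed and there is no branch on x.
pub fn overflow_ct(x: &[u32; 8]) -> (bool, usize) {
    let mut borrow: u64 = 0;
    for i in 0..8 {
        let t = (x[i] as u64).wrapping_sub(N[i] as u64).wrapping_sub(borrow);
        borrow = t >> 63; // 1 if this limb subtraction underflowed
    }
    (borrow == 0, 8) // no final borrow means x >= n
}

fn main() {
    // Constructed sample scalars.
    let mut n_minus_1 = N;
    n_minus_1[0] -= 1;
    let samples = [("zero", [0u32; 8]), ("n-1", n_minus_1), ("n", N), ("max", [u32::MAX; 8])];
    for (name, x) in samples.iter() {
        println!("{}: vartime={:?} ct={:?}", name, overflow_vartime(x), overflow_ct(x));
    }
}
```

Branch-free source does not guarantee branch-free machine code, so production code usually relies on a reviewed constant-time primitive such as the `subtle` crate and checks the compiled output.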
Packages
Name: libsecp256k1 (rust)
Affected versions: < 0.3.1
Fixed version: 0.3.1
Related vulnerabilities
CVSS3: 7.5
nvd
about 5 years ago
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information.