Описание
Incorrect Comparison in sodiumoxide
An issue was discovered in the sodiumoxide crate starting with 0.2.0 and prior to 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-25002
- https://github.com/sodiumoxide/sodiumoxide/pull/381
- https://github.com/sodiumoxide/sodiumoxide/pull/381/commits/fae052b834b097ced9a89a8fff8466e18f383070
- https://github.com/sodiumoxide/sodiumoxide/commit/38490723927f230498adf795153e6cd3cb08b6a8
- https://rustsec.org/advisories/RUSTSEC-2019-0026.html
Пакеты
Наименование
sodiumoxide
rust
Затронутые версииВерсия исправления
>= 0.2.0, < 0.2.5
0.2.5
Связанные уязвимости
CVSS3: 9.8
nvd
около 5 лет назад
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.