CVE-2021-45696

Опубликовано: 27 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used.

Ссылки

https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/sha2/RUSTSEC-2021-0100.md
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2021-0100.html
Third Party Advisory
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/sha2/RUSTSEC-2021-0100.md
Third Party Advisory
https://rustsec.org/advisories/RUSTSEC-2021-0100.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sha2_project:sha2:0.9.7:*:*:*:*:rust:*:*

EPSS

Процентиль: 42%

0.00203

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-327

Связанные уязвимости

CVE-2021-45696

CVSS3: 9.8

debian

около 4 лет назад

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...

GHSA-fc7x-2cmc-8j2g

CVSS3: 9.8

github

около 4 лет назад

Incorrect hash in sha2

EPSS

Процентиль: 42%

0.00203

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-327