CVE-2024-58262

Опубликовано: 27 июл. 2025

Источник: nvd

CVSS3: 2.9

CVSS3: 5.1

EPSS Низкий

Описание

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

Ссылки

https://crates.io/crates/curve25519-dalek
Product
https://github.com/dalek-cryptography/curve25519-dalek/pull/659
Issue Tracking
Patch
https://rustsec.org/advisories/RUSTSEC-2024-0344.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dalek:curve25519-dalek:*:*:*:*:*:rust:*:*

Версия до 4.1.3 (исключая)

EPSS

Процентиль: 1%

0.00011

Низкий

2.9 Low

CVSS3

5.1 Medium

CVSS3

Дефекты

CWE-733

Связанные уязвимости

CVE-2024-58262

CVSS3: 2.9

ubuntu

5 месяцев назад

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

CVE-2024-58262

CVSS3: 2.9

redhat

5 месяцев назад

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

CVE-2024-58262

CVSS3: 2.9

debian

5 месяцев назад

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time o ...

GHSA-x4gp-pqpj-f43q

github

больше 1 года назад

curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

EPSS

Процентиль: 1%

0.00011

Низкий

2.9 Low

CVSS3

5.1 Medium

CVSS3

Дефекты

CWE-733