Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-58262

Опубликовано: 27 июл. 2025
Источник: redhat
CVSS3: 2.9
EPSS Низкий

Описание

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

A flaw was found in curve25519-dalek. The crate’s implementation of constant-time operations on elliptic curve scalars lacks proper LLVM optimization, potentially revealing information about the scalar's bits. A local attacker can observe timing differences during scalar operations. This information leak occurs via direct execution of the vulnerable code. The consequence is a potential side-channel attack.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/cluster-logging-operator-bundleFix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/cluster-logging-rhel9-operatorFix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/eventrouter-rhel9Fix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/log-file-metric-exporter-rhel9Fix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/vector-rhel9Fix deferred
Red Hat Enterprise Linux 10rust-sequoia-sqNot affected
Red Hat Enterprise Linux 10rust-sequoia-sqvNot affected
Red Hat Enterprise Linux 10trustee-guest-componentsNot affected
Red Hat Enterprise Linux 9trustee-guest-componentsNot affected
Red Hat OpenShift Container Platform 4kata-containersFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-733
https://bugzilla.redhat.com/show_bug.cgi?id=2383773curve25519-dalek: Curve25519-Dalek Scalar Timing Vulnerability

EPSS

Процентиль: 1%
0.00011
Низкий

2.9 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-58262

CVSS3: 2.9
ubuntu
5 месяцев назад

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

nvd логотип

CVE-2024-58262

CVSS3: 2.9
nvd
5 месяцев назад

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

debian логотип

CVE-2024-58262

CVSS3: 2.9
debian
5 месяцев назад

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time o ...

github логотип

GHSA-x4gp-pqpj-f43q

github
больше 1 года назад

curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

EPSS

Процентиль: 1%
0.00011
Низкий

2.9 Low

CVSS3