Low severityNVD Advisory· Published Jul 27, 2025· Updated Jul 28, 2025
CVE-2024-58262
CVE-2024-58262
Description
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
curve25519-dalekcrates.io | < 4.1.3 | 4.1.3 |
Affected products
10- osv-coords9 versionspkg:apk/chainguard/atuinpkg:apk/chainguard/ryepkg:apk/chainguard/washpkg:apk/chainguard/wasmcloudpkg:apk/wolfi/atuinpkg:apk/wolfi/ryepkg:apk/wolfi/washpkg:apk/wolfi/wasmcloudpkg:cargo/curve25519-dalek
< 18.3.0-r2+ 8 more
- (no CPE)range: < 18.3.0-r2
- (no CPE)range: < 0.38.0-r0
- (no CPE)range: < 0.30.0-r0
- (no CPE)range: < 1.1.0-r0
- (no CPE)range: < 18.3.0-r2
- (no CPE)range: < 0.38.0-r0
- (no CPE)range: < 0.30.0-r0
- (no CPE)range: < 1.1.0-r0
- (no CPE)range: < 4.1.3
- dalek-cryptography/curve25519-dalekv5Range: 0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-x4gp-pqpj-f43qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-58262ghsaADVISORY
- github.com/dalek-cryptography/curve25519-dalek/commit/415892acf1cdf9161bd6a4c99bc2f4cb8fae5e6aghsaWEB
- github.com/dalek-cryptography/curve25519-dalek/pull/659ghsaWEB
- rustsec.org/advisories/RUSTSEC-2024-0344.htmlghsaWEB
- crates.io/crates/curve25519-dalekmitre
News mentions
0No linked articles in our index yet.