crates.io package
libsecp256k1
pkg:cargo/libsecp256k1
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-38195 | — | | | < 0.5.0 | 0.5.0 | Aug 8, 2021 | An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow. |
| CVE-2019-25003 | — | | | < 0.3.1 | 0.3.1 | Dec 31, 2020 | An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information. |