VYPR

crates.io package

sodiumoxide

pkg:cargo/sodiumoxide

Vulnerabilities (2)

  • CVE-2019-25002Dec 31, 2020
    affected >= 0.2.0, < 0.2.5fixed 0.2.5

    An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.

  • CVE-2017-1000168MedNov 17, 2017
    affected < 0.0.14fixed 0.0.14

    sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys