crates.io package
sodiumoxide
pkg:cargo/sodiumoxide
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-25002 | — | >= 0.2.0, < 0.2.5 | 0.2.5 | Dec 31, 2020 | An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties. | ||
| CVE-2017-1000168 | Med | 6.5 | < 0.0.14 | 0.0.14 | Nov 17, 2017 | sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys |
- CVE-2019-25002Dec 31, 2020affected >= 0.2.0, < 0.2.5fixed 0.2.5
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.
- affected < 0.0.14fixed 0.0.14
sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys