Lucene search

CVE-2019-25002

🗓️ 31 Dec 2020 10:14:15Reported by mitreType

An issue in sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself, with degenerate security properties

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Prion	Design/Logic Flaw	31 Dec 202010:15	–	prion
OSV	CVE-2019-25002	31 Dec 202010:15	–	osv
OSV	GHSA-WRVC-72W7-XPMJ Incorrect Comparison in sodiumoxide	25 Aug 202120:45	–	osv
OSV	RUSTSEC-2019-0026 generichash::Digest::eq always return true	11 Oct 201912:00	–	osv
Github Security Blog	Incorrect Comparison in sodiumoxide	25 Aug 202120:45	–	github
CNVD	Unspecified Vulnerability in Mozilla Rust (CNVD-2021-36330)	6 Jan 202100:00	–	cnvd
Cvelist	CVE-2019-25002	31 Dec 202008:33	–	cvelist
NVD	CVE-2019-25002	31 Dec 202010:15	–	nvd
RustSec	generichash::Digest::eq always return true	11 Oct 201912:00	–	rustsec

Nvd

Node

sodiumoxide_project sodiumoxideRange<0.2.5rust

Source	Link
rustsec	www.rustsec.org/advisories/RUSTSEC-2019-0026.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Dec 2020 10:15Current

9.3High risk

Vulners AI Score9.3

CVSS27.5

CVSS39.8

EPSS0.00433