Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::check_overflow
in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::check_overflow
to execute in constant time.
CPE | Name | Operator | Version |
---|---|---|---|
libsecp256k1 | lt | 0.3.1 |