Lucene search
GoogleOSV:GHSA-WRVC-72W7-XPMJHistoryAug 25, 2021 - 8:45 p.m.
Incorrect Comparison in sodiumoxide
2021-08-2520:45:54
Google
osv.dev
6
0.002 Low
EPSS
Percentile
60.7%
An issue was discovered in the sodiumoxide crate starting with 0.2.0 and prior to 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sodiumoxide | lt | 0.2.5 | |
| sodiumoxide | ge | 0.2.0 |
References
github.com/sodiumoxide/sodiumoxide
github.com/sodiumoxide/sodiumoxide/commit/38490723927f230498adf795153e6cd3cb08b6a8
github.com/sodiumoxide/sodiumoxide/pull/381
github.com/sodiumoxide/sodiumoxide/pull/381/commits/fae052b834b097ced9a89a8fff8466e18f383070
nvd.nist.gov/vuln/detail/CVE-2019-25002
rustsec.org/advisories/RUSTSEC-2019-0026.html
Related
prion
prion
Design/Logic Flaw
2020-12-31 10:15:00
osv
osv
CVE-2019-25002
2020-12-31 10:15:14
generichash::Digest::eq always return true
2019-10-11 12:00:00
cvelist
cvelist
CVE-2019-25002
2020-12-31 08:33:09
nvd
nvd
CVE-2019-25002
2020-12-31 10:15:14
cve
cve
CVE-2019-25002
2020-12-31 10:15:14
rustsec
rustsec
generichash::Digest::eq always return true
2019-10-11 12:00:00
github
github
Incorrect Comparison in sodiumoxide
2021-08-25 20:45:54