An issue was discovered in the sodiumoxide crate starting with 0.2.0 and prior to 0.2.5 for Rust. generichash::Digest::eq
compares itself to itself and thus has degenerate security properties.
CPE | Name | Operator | Version |
---|---|---|---|
sodiumoxide | lt | 0.2.5 | |
sodiumoxide | ge | 0.2.0 |
github.com/sodiumoxide/sodiumoxide
github.com/sodiumoxide/sodiumoxide/commit/38490723927f230498adf795153e6cd3cb08b6a8
github.com/sodiumoxide/sodiumoxide/pull/381
github.com/sodiumoxide/sodiumoxide/pull/381/commits/fae052b834b097ced9a89a8fff8466e18f383070
nvd.nist.gov/vuln/detail/CVE-2019-25002
rustsec.org/advisories/RUSTSEC-2019-0026.html