61 matches found
Missing Check for All-Zero X25519 Shared Secret
Computing an X25519 shared secret with x25519dalek::StaticSecret::diffiehellman does not include the check that the key exchange was contributory, i.e. does not ensure on its own that the resulting shared secret is non-zero. Impact RFC 9180 mandates that implementations of HPKE must check for all...
CVE-2025-62514
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, libparseccrypto, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...
CVE-2025-62514
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, libparseccrypto, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...
CVE-2025-62514
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, libparseccrypto, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...
CVE-2025-62514
Parsec’s 3.x web component libparsec_crypto (RustCrypto backend) does not verify weak order points for Curve25519 in versions before 3.6.0. An attacker in a MITM could supply weak order points to both parties during Diffie-Hellman, increasing the chance that both ends derive the same shared key a...
EUVD-2025-206513
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, libparseccrypto, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...
CVE-2025-62514 `libparsec_crypto` does not check for weak order point of curve 25519
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, libparseccrypto, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...
CVE-2025-62514 `libparsec_crypto` does not check for weak order point of curve 25519
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, libparseccrypto, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...
RustCrypto signatures: Data forgery vulnerability
RustCrypto signatures are a set of digital signature algorithms developed by RustCrypto under open source. In versions of RustCrypto signatures from 0.0.4 to 0.1.0-rc.4, there was a vulnerability related to data manipulation. This vulnerability stemmed from the signature verification implementati...
CVE-2026-23519
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz...
CVE-2026-23519 RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz...
CVE-2026-23519 RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz...
CVE-2026-23519 RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz...
EUVD-2026-2731
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz...
PT-2026-3096
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi Cortex M0, M0+ and M1 compiler emits non-constant time assembly when using cmovnz...
CVE-2026-22705
RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature...
CVE-2026-22698
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...
EUVD-2026-1867
RustCrypto: Signatures has timing side-channel in ML-DSA decomposition...
RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
Summary A denial-of-service vulnerability exists in the SM2 public-key encryption PKE implementation: the decrypt path performs unchecked slice::splitat operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encod...
CVE-2026-22698
RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...