19 matches found
Security Bulletin: IBM Edge Data Collector usescurve25519-dalek-3.2.0.crate which is vulnerable to CVE-2024-58262.
Summary IBM Edge Data Collector usescurve25519-dalek-3.2.0.crate which is vulnerable to CVE-2024-58262. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-58262 DESCRIPTION: The curve25519-dalek crate before 4.1.3 for Rust has a constant-time...
EUVD-2024-54823
Malicious code in bioql PyPI...
EUVD-2025-29440
Malicious code in bioql PyPI...
SUSE CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
CVE-2024-58262
A flaw was found in curve25519-dalek. The crate’s implementation of constant-time operations on elliptic curve scalars lacks proper LLVM optimization, potentially revealing information about the scalar's bits. A local attacker can observe timing differences during scalar operations. This...
GHSA-4HFF-HH47-7788 Duplicate Advisory: curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x4gp-pqpj-f43q. This link is maintained to preserve external references. Original Description The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is...
Duplicate Advisory: curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-x4gp-pqpj-f43q. This link is maintained to preserve external references. Original Description The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is...
CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
DEBIAN-CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
CVE-2024-58262
The CVE-2024-58262 issue affects the curve25519-dalek Rust crate prior to version 4.1.3, where a constant-time operation on elliptic curve scalars is removed by LLVM. This timing-related behavior can impact confidentiality and is classified with a MEDIUM severity (NVD CVSS 3.1: 5.1). Public refer...
curve25519-dalek crate 安全漏洞
curve25519-dalek crate is a Rust library from dalek cryptography open source. A security vulnerability exists in curve25519-dalek crate versions prior to 4.1.3, which stems from the possibility of disclosing private keys and other secrets...
LicenseStore (=0.1.0), NT-anchor-lang (=0.19.0) +2866 more potentially affected by CVE-2024-58262 via curve25519-dalek (>=1.1.3 <=4.1.0)
curve25519-dalek CARGO version =1.1.3, =0.19.0, =0.4.1, =0.2.4, =0.13.0, =0.16.0, =0.1.0, =0.0.1, =0.1.0, =0.2.0-beta.4, =0.2.0-beta.4, =0.13.0, =0.16.5, =0.16.7 and more Source cves: CVE-2024-58262 Source advisory: OSV:GHSA-X4GP-PQPJ-F43Q...
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...
GHSA-X4GP-PQPJ-F43Q curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...
LicenseStore (=0.1.0), NT-anchor-lang (=0.19.0) +2866 more potentially affected by CVE-2024-58262 via curve25519-dalek (>=1.1.3 <=4.1.0)
curve25519-dalek CARGO version =1.1.3, =0.19.0, =0.4.1, =0.2.4, =0.13.0, =0.16.0, =0.1.0, =0.0.1, =0.1.0, =0.2.0-beta.4, =0.2.0-beta.4, =0.13.0, =0.16.5, =0.16.7 and more Source cves: CVE-2024-58262 Source advisory: OSV:RUSTSEC-2024-0344...
RUSTSEC-2024-0344 Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...
Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...