4 matches found
CVE-2017-1000168
sodiumoxide 0.0.13 and older scalarmult vulnerable to degenerate public keys...
CVE-2017-1000168
sodiumoxide 0.0.13 and older scalarmult vulnerable to degenerate public keys...
CVE-2017-1000168
The CVE-2017-1000168 entry concerns sodiumoxide prior to a fixed release where the scalarmult() function refused all-zero public keys, preventing the derived Diffie-Hellman shared secret from always being zero. The root cause, as documented in multiple sources (e.g., rustsec and GHSA advisories),...
CVE-2017-1000168
sodiumoxide 0.0.13 and older scalarmult vulnerable to degenerate public keys...