4 matches found
CVE-2019-25003
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::checkoverflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information...
CVE-2019-25003
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::checkoverflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information...
CVE-2019-25003
CVE-2019-25003 affects the Rust libsecp256k1 crate prior to 0.3.1, where Scalar::check_overflow did not execute in constant time. This timing side-channel can allow an attacker to potentially obtain sensitive information. The issue is fixed in 0.3.1 by making Scalar::check_overflow constant time;...
devp2p (>=0.4.0 <=0.4.1), dpt (>=0.3.0 <=0.3.1) +10 more potentially affected by CVE-2019-25003 via libsecp256k1 (=0.1.3)
libsecp256k1 CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on libsecp256k1 and may be impacted: - devp2p =0.4.0, =0.3.0, =0.3.4, =0.3.4, =0.9.2, =0.9.1, =0.4.0, =0.8.2, =0.11.0-beta.0 Source cves: CVE-2019-25003 Source advisory:...