SUSE CVE-2022-50237

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...

GHSA-G693-V3JR-8HCR Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. Original Description The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair...

UBUNTU-CVE-2022-50237

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...

CVE-2022-50237

The CVE-2022-50237 entry concerns the ed25519-dalek Rust crate prior to version 2. The Keypair implementation enables a double public key signing function oracle attack, enabling an attacker to compute/extract a private key from signatures. Reported impact includes confidentiality loss; CVSSv3.1 ...

rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency

Impact The vulnerability, known as RUSTSEC-2022-0093, impacts the ed25519-dalek crate, which is a dependency of the rusty-paseto crate. This issue arises from a "Double Public Key Signing Function Oracle Attack" affecting versions of ed25519-dalek prior to v2.0. These versions expose an unsafe AP...

GHSA-J57R-4QW6-58R3 rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency

Impact The vulnerability, known as RUSTSEC-2022-0093, impacts the ed25519-dalek crate, which is a dependency of the rusty-paseto crate. This issue arises from a "Double Public Key Signing Function Oracle Attack" affecting versions of ed25519-dalek prior to v2.0. These versions expose an unsafe AP...

GHSA-W5VR-6QHR-36CC `ed25519-dalek` Double Public Key Signing Function Oracle Attack

Versions of ed25519-dalek prior to v2.0 model private and public keys as separate types which can be assembled into a Keypair, and also provide APIs for serializing and deserializing 64-byte private/public keypairs. Such APIs and serializations are inherently unsafe as the public key is one of th...

`ed25519-dalek` Double Public Key Signing Function Oracle Attack

Versions of ed25519-dalek prior to v2.0 model private and public keys as separate types which can be assembled into a Keypair, and also provide APIs for serializing and deserializing 64-byte private/public keypairs. Such APIs and serializations are inherently unsafe as the public key is one of th...

NT-anchor-spl (>=0.19.0 <=0.19.5), NT-anchor-spl-testnet (=0.19.2) +1598 more potentially affected by CVE-2022-50237 via ed25519-dalek (>=0.9.1 <=1.0.1)

ed25519-dalek CARGO version =0.9.1, =0.19.0, =0.4.2, =0.2.0-beta.4, =0.1.0, =0.1.1, =0.1.0, =1.0.5, =0.0.0-alpha, =0.0.1-alpha.1, =0.5.0, =0.5.2, =0.8.0, =0.8.0, =0.8.9 and more Source cves: CVE-2022-50237 Source advisory: OSV:GHSA-W5VR-6QHR-36CC...

sodiumoxide is deprecated

Alternatives may be found - not in any specific order: - libsodium-sys-stable - dryoc - RustCrypto/nacl-compat cryptobox, cryptokx, cryptosecretstream - RustCrypto/xsalsa20poly1305 cryptosecretbox - Signatory - ed25519-compact - ed25519-dalek - ring Recommendations can be also found from: - Aweso...