40 matches found
EUVD-2021-1618
Malware in sbrugna...
EUVD-2021-1711
Malware in sbrugna...
EUVD-2021-1757
Malware in sbrugna...
CVE-2021-38195
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
CVE-2019-25003
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::checkoverflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information...
LicenseStore (=0.1.0), NT-anchor-lang (=0.19.0) +1341 more potentially affected by unknown CVE via libsecp256k1 (>=0.1.3 <=0.7.2)
libsecp256k1 CARGO version =0.1.3, =0.19.0, =0.4.1, =0.1.0, =0.1.0, =1.0.5, =0.0.1, =0.0.1, =0.0.0-alpha, =0.0.1, =0.0.1-alpha.5 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0161...
RUSTSEC-2025-0161 libsecp256k1 is unmaintained
The maintainers recommend using k256 instead...
Observable Discrepancy in libsecp256k1-rs
A timing vulnerability in the Scalar::checkoverflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack...
GHSA-7CQG-8449-RMFV Observable Discrepancy in libsecp256k1-rs
A timing vulnerability in the Scalar::checkoverflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack...
artillery-core (>=0.1.2 <=0.1.2-alpha.3), bastion (>=0.3.5 <=0.4.5) +500 more potentially affected by CVE-2021-38195 via libsecp256k1 (>=0.1.3 <=0.3.5)
libsecp256k1 CARGO version =0.1.3, =0.1.2, =0.3.5, =0.1.0, =0.1.1, =0.7.0, =0.1.0, =0.2.0, =1.0.0, =0.7.0, =0.8.2 and more Source cves: CVE-2021-38195 Source advisory: OSV:GHSA-G4VJ-X7V9-H82M...
GHSA-G4VJ-X7V9-H82M Overflow in libsecp256k1
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
Overflow in libsecp256k1
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
devp2p (>=0.4.0 <=0.4.1), dpt (>=0.3.0 <=0.3.1) +10 more potentially affected by CVE-2019-25003 via libsecp256k1 (=0.1.3)
libsecp256k1 CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on libsecp256k1 and may be impacted: - devp2p =0.4.0, =0.3.0, =0.3.4, =0.3.4, =0.9.2, =0.9.1, =0.4.0, =0.8.2, =0.11.0-beta.0 Source cves: CVE-2019-25003 Source advisory:...
GHSA-HRJM-C879-PP86 libsecp256k1 contains side-channel timing attack
Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::checkoverflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::checkoverflow to execute in constant time...
libsecp256k1 contains side-channel timing attack
Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::checkoverflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::checkoverflow to execute in constant time...
Design/Logic Flaw
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
CVE-2021-38195
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
CVE-2021-38195
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
CVE-2021-38195
The CVE-2021-38195 issue affects the libsecp256k1 crate for Rust, specifically versions before 0.5.0. The root cause is an overflow where the R or S parameter can be larger than the curve order, allowing an invalid signature to be verified. This vulnerability is described in multiple connected re...
Rust 数据伪造问题漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in libsecp256k1 crate before Rust 0.5.0, which stems from libsecp256k1 crate allowing R or S arguments to be greater than curve order...