40 matches found
EUVD-2021-1757
Malware in sbrugna...
EUVD-2021-1711
Malware in sbrugna...
EUVD-2021-1618
Malware in sbrugna...
CVE-2021-38195
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
CVE-2019-25003
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::checkoverflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information...
LicenseStore (=0.1.0), NT-anchor-lang (=0.19.0) +1319 more potentially affected by unknown CVE via libsecp256k1 (>=0.1.3 <=0.7.2)
libsecp256k1 CARGO version =0.1.3, =0.19.0, =0.4.1, =0.1.0, =0.1.0, =1.0.5, =0.0.1, =0.0.1, =0.0.0-alpha, =0.0.1, =0.0.1-alpha.5 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0161...
RUSTSEC-2025-0161 libsecp256k1 is unmaintained
The maintainers recommend using k256 instead...
Observable Discrepancy in libsecp256k1-rs
A timing vulnerability in the Scalar::checkoverflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack...
GHSA-7CQG-8449-RMFV Observable Discrepancy in libsecp256k1-rs
A timing vulnerability in the Scalar::checkoverflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack...
Overflow in libsecp256k1
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
GHSA-G4VJ-X7V9-H82M Overflow in libsecp256k1
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
artillery-core (>=0.1.2 <=0.1.2-alpha.3), bastion (>=0.3.5 <=0.4.5) +489 more potentially affected by CVE-2021-38195 via libsecp256k1 (>=0.1.3 <=0.3.5)
libsecp256k1 CARGO version =0.1.3, =0.1.2, =0.3.5, =0.1.0, =0.1.1, =0.7.0, =0.1.0, =0.2.0, =1.0.0, =0.7.0, =0.8.2 and more Source cves: CVE-2021-38195 Source advisory: OSV:GHSA-G4VJ-X7V9-H82M...
devp2p (>=0.4.0 <=0.4.1), dpt (>=0.3.0 <=0.3.1) +10 more potentially affected by CVE-2019-25003 via libsecp256k1 (=0.1.3)
libsecp256k1 CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on libsecp256k1 and may be impacted: - devp2p =0.4.0, =0.3.0, =0.3.4, =0.3.4, =0.9.2, =0.9.1, =0.4.0, =0.8.2, =0.11.0-beta.0 Source cves: CVE-2019-25003 Source advisory:...
GHSA-HRJM-C879-PP86 libsecp256k1 contains side-channel timing attack
Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::checkoverflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::checkoverflow to execute in constant time...
libsecp256k1 contains side-channel timing attack
Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::checkoverflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::checkoverflow to execute in constant time...
CVE-2021-38195
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
Design/Logic Flaw
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
CVE-2021-38195
The CVE-2021-38195 issue affects the libsecp256k1 crate for Rust, specifically versions before 0.5.0. The root cause is an overflow where the R or S parameter can be larger than the curve order, allowing an invalid signature to be verified. This vulnerability is described in multiple connected re...
CVE-2021-38195
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
Rust 数据伪造问题漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in libsecp256k1 crate before Rust 0.5.0, which stems from libsecp256k1 crate allowing R or S arguments to be greater than curve order...