2 matches found
devp2p (>=0.4.0 <=0.4.1), dpt (>=0.3.0 <=0.3.1) +10 more potentially affected by CVE-2019-25003 via libsecp256k1 (=0.1.3)
libsecp256k1 CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on libsecp256k1 and may be impacted: - devp2p =0.4.0, =0.3.0, =0.3.4, =0.3.4, =0.9.2, =0.9.1, =0.4.0, =0.8.2, =0.11.0-beta.0 Source cves: CVE-2019-25003 Source advisory:...
Rust libsecp256k1 crate security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the libsecp256k1 crate for Rust before 0.3.1; it stems from an overflow check that allows a timing side-channel attack. An attacker could exploit this vulnerability to obtain...