Advisory: sodiumoxide degenerate public keys

Fixed in sodiumoxide 0.0.14.

See: https://github.com/dnaq/sodiumoxide/issues/154
Tony Arcieri
2017-02-25 15:51:05 -08:00
parent 648ea485b0
commit 1a18a429fc


@@ -0,0 +1,14 @@
[advisory]
package = "sodiumoxide"
patched_versions = [">= 0.0.14"]
dwf = []
url = "https://github.com/dnaq/sodiumoxide/issues/154"
title = "scalarmult() vulnerable to degenerate public keys"
description = """
The `scalarmult()` function included in previous versions of this crate
accepted all-zero public keys, for which the resulting Diffie-Hellman shared
secret will always be zero regardless of the private key used.
This issue was fixed by checking for this class of keys and rejecting them
if they are used.
"""
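Review bot: The `description` names only all-zero public keys while the `title` speaks of degenerate public keys in general. If the 0.0.14 fix rejects every input that yields an all-zero shared secret (other small-order Curve25519 points are known to do so as well), the text should describe that class rather than one key value. The description also never states the practical impact or the action to take, so I would add a closing sentence such as `Applications that accept public keys from untrusted peers should upgrade to 0.0.14 or later, because the shared secret is predictable for such keys.` The hunk header announces 14 lines but only 13 are visible on this page, so one line (probably a blank) may have been lost in rendering.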