Turn the issue about shamir into an advisory (#1134)

2025-12-28 15:28:09 +01:00 · 2021-12-27 14:28:54 -05:00
parent 1ea676a614
commit a20a779bf7
1 changed files with 20 additions and 0 deletions
--- a/crates/shamir/RUSTSEC-0000-0000.md
+++ b/crates/shamir/RUSTSEC-0000-0000.md
@@ -0,0 +1,20 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "shamir"
+date = "2020-01-21"
+url = "https://github.com/Nebulosus/shamir/issues/3"
+categories = ["crypto-failure"]
+
+[versions]
+patched = [">= 2.0.0"]
+```
+
+# Threshold value is ignored (all shares are n=3)
+
+Affected versions of this crate did not properly calculate secret shares requirements.
+
+This reduces the security of the algorithm by restricting the crate to always
+using a threshold value of three, rather than a configurable limit.
+
+The flaw was corrected by correctly configuring the threshold.