Merge pull request #98 from tomaka/libp2p-oops

Add libp2p ed25519 signature verification failure
2026-01-07 04:01:35 +01:00 · 2019-05-15 13:12:52 -07:00
parent c6e83777b7 924dd24c23
commit c1da669027
1 changed files with 13 additions and 0 deletions
--- a/crates/libp2p-core/RUSTSEC-0000-0000.toml
+++ b/crates/libp2p-core/RUSTSEC-0000-0000.toml
@@ -0,0 +1,13 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libp2p-core"
+date = "2019-05-15"
+title = "Failure to properly verify ed25519 signatures makes any signature valid"
+description = """
+Affected versions of this crate did not properly verify ed25519 signatures.
+Any signature with a correct length was considered valid.
+
+This allows an attacker to impersonate any node identity.
+"""
+patched_versions = [">= 0.7.1", ">= 0.8.1"]
+unaffected_versions = ["< 0.3"]