OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
26d56f7614f76efd4ededca46214d227efa66ed2
advisory-db/crates/libsecp256k1/RUSTSEC-2021-0076.md
github-actions[bot] e20838a4ff Assigned RUSTSEC-2021-0076 to libsecp256k1 (#964) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2021-07-13 15:47:59 +03:00

525 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0076"
package = "libsecp256k1"
date = "2021-07-13"
url = "https://github.com/paritytech/libsecp256k1/pull/67"
categories = ["crypto-failure"]
[versions]
patched = [">= 0.5.0"]

libsecp256k1 allows overflowing signatures

libsecp256k1 accepts signatures whose R or S parameter is larger than the secp256k1 curve order, which differs from other implementations. This could lead to invalid signatures being verified.

The error is resolved in 0.5.0 by adding a check_overflow flag.