OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ffe539ba4d813df23d85bbb57cddabe820ee2a1f
advisory-db/crates/libsecp256k1/RUSTSEC-2021-0076.md
Alexander Kjäll f4a8973706 add cve info to advisories (#1099) 
* add cve info to advisories

* Put `aliases` field in the proper place

It should not be under `[versions]`

* move `aliases` to the proper place

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-11-06 21:37:35 +01:00

555 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0076"
package = "libsecp256k1"
date = "2021-07-13"
url = "https://github.com/paritytech/libsecp256k1/pull/67"
categories = ["crypto-failure"]
aliases	= ["CVE-2021-38195"]

[versions]
patched = [">= 0.5.0"]

libsecp256k1 allows overflowing signatures

libsecp256k1 accepts signatures whose R or S parameter is larger than the secp256k1 curve order, which differs from other implementations. This could lead to invalid signatures being verified.

The error is resolved in 0.5.0 by adding a check_overflow flag.