RSS   Vulnerabilities for 'Libsecp256k1'   RSS

2021-08-08
 
CVE-2021-38195

CWE-347
 

 
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow.

 
2020-12-31
 
CVE-2019-25003

NVD-CWE-Other
 

 
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information.

 
2020-01-23
 
CVE-2019-20399

CWE-362
 

 
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.

 

 >>> Vendor: Parity 4 Products
Browser
Ethereum client
Libsecp256k1
Frontier


Copyright 2024, cxsecurity.com

 

Back to Top