Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ybTY2LTlnaDQtNGdwOM4ABBP7
cggmp21 vulnerable to ambiguous challenge derivation
Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead to security vulnerability (however, it's unknown if it could be exploited).
Permalink: https://github.com/advisories/GHSA-rm66-9gh4-4gp8JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybTY2LTlnaDQtNGdwOM4ABBP7
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 8 days ago
Updated: 8 days ago
Identifiers: GHSA-rm66-9gh4-4gp8
References:
- https://github.com/dfns/cggmp21/pull/103
- https://rustsec.org/advisories/RUSTSEC-2024-0393.html
- https://github.com/advisories/GHSA-rm66-9gh4-4gp8
Blast Radius: 1.0
Affected Packages
cargo:cggmp21
Dependent packages: 0Dependent repositories: 0
Downloads: 8,982 total
Affected Version Ranges: < 0.4.0
Fixed in: 0.4.0
All affected versions: 0.0.0, 0.1.0, 0.1.1, 0.2.0, 0.2.1
All unaffected versions: 0.4.0, 0.4.1, 0.4.2, 0.5.0