Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4MjUtcHZody01MjI0
Algorithms compute incorrect results in blake2
An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.
Permalink: https://github.com/advisories/GHSA-4x25-pvhw-5224JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4MjUtcHZody01MjI0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: 11 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-4x25-pvhw-5224, CVE-2019-16143
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16143
- https://github.com/RustCrypto/MACs/issues/19
- https://rustsec.org/advisories/RUSTSEC-2019-0019.html
- https://github.com/advisories/GHSA-4x25-pvhw-5224
Blast Radius: 36.9
Affected Packages
cargo:blake2
Dependent packages: 429Dependent repositories: 5,847
Downloads: 24,475,320 total
Affected Version Ranges: < 0.8.1
Fixed in: 0.8.1
All affected versions: 0.0.0, 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.8.0
All unaffected versions: 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6