Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4MjUtcHZody01MjI0
Algorithms compute incorrect results in blake2
An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.
Permalink: https://github.com/advisories/GHSA-4x25-pvhw-5224JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4MjUtcHZody01MjI0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-4x25-pvhw-5224, CVE-2019-16143
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16143
- https://github.com/RustCrypto/MACs/issues/19
- https://rustsec.org/advisories/RUSTSEC-2019-0019.html
- https://github.com/advisories/GHSA-4x25-pvhw-5224
Blast Radius: 36.9
Affected Packages
cargo:blake2
Dependent packages: 475Dependent repositories: 5,847
Downloads: 38,065,453 total
Affected Version Ranges: < 0.8.1
Fixed in: 0.8.1
All affected versions: 0.0.0, 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.8.0
All unaffected versions: 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6