MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjcWctODQ0OS1ybWZ2

Moderate EPSS: 0.00391% (0.5952 Percentile) EPSS:

Permalink JSON

Observable Discrepancy in libsecp256k1-rs

Affected Packages	Affected Versions	Fixed Versions
cargo:libsecp256k1-rs PURL: `pkg:cargo/libsecp256k1-rs`	< 0.3.1	0.3.1
0 Dependent packages 0 Dependent repositories 9,258 Downloads total Affected Version Ranges All affected versions 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4 All unaffected versions

A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-20399
https://github.com/paritytech/libsecp256k1/commit/11ba23a9766a5079918cd9f515bc100bc8164b50
https://rustsec.org/advisories/RUSTSEC-2020-0156.html
https://github.com/advisories/GHSA-7cqg-8449-rmfv

Identifiers

GHSA-7cqg-8449-rmfv

CVE-2019-20399

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00391

EPSS Percentile: 0.5952

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/paritytech/libsecp256k1

Date and time

Published

about 4 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories