CVE-2019-20399

Name
CVE-2019-20399
Description
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/paritytech/libsecp256k1/commit/11ba23a9766a5079918cd9f515bc100bc8164b50

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:parity:libsecp256k1:*:*:*:*:*:*:*:* libsecp256k1 >= None < 0.3.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libsecp256k1 3.14-community 0_git20201009-r1 Michał Adamski <michal@ert.pl> fixed
libsecp256k1 edge-community 0_git20211025-r1 Michał Adamski <michal@ert.pl> fixed
libsecp256k1 3.15-community 0_git20211025-r1 Michał Adamski <michal@ert.pl> possibly vulnerable