CVE-2019-25003

Name
CVE-2019-25003
Description
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://rustsec.org/advisories/RUSTSEC-2019-0027.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:parity:libsecp256k1:*:*:*:*:*:rust:*:* libsecp256k1 >= None < 0.3.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libsecp256k1 3.14-community 0_git20201009-r1 Michał Adamski <michal@ert.pl> fixed
libsecp256k1 edge-community 0_git20211025-r1 Michał Adamski <michal@ert.pl> fixed
libsecp256k1 3.15-community 0_git20211025-r1 Michał Adamski <michal@ert.pl> possibly vulnerable