HistoryEdit

RUSTSEC-2017-0001

scalarmult() vulnerable to degenerate public keys

Issued
Package
sodiumoxide (crates.io)
Type
Vulnerability
Keywords
#cryptography
Aliases
Details
https://github.com/dnaq/sodiumoxide/issues/154
CVSS Score
6.5 MEDIUM
CVSS Details
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Patched
  • >=0.0.14

Description

The scalarmult() function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used.

This issue was fixed by checking for this class of keys and rejecting them if they are used.