RUSTSEC-2019-0004

Failure to properly verify ed25519 signatures makes any signature valid

Issued
Package
libp2p-core (crates.io)
Type
Vulnerability
Aliases
Patched
  • ^0.7.1
  • >=0.8.1
Unaffected
  • <0.3

Description

Affected versions of this crate did not properly verify ed25519 signatures. Any signature with a correct length was considered valid.

This allows an attacker to impersonate any node identity.

More