RUSTSEC-2019-0027: libsecp256k1: Flaw in Scalar::check_overflow allows side-channel timing attack

Description

Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::check_overflow in constant time.

This allows an attacker to potentially leak information via a timing attack.

The flaw was corrected by modifying Scalar::check_overflow to execute in constant time.

Patched Versions