Reported

October 6, 2019

Issued

October 1, 2020 (last modified: November 2, 2023)

Package

streebog (crates.io)

Type

Vulnerability

Categories

• crypto-failure

Aliases

• CVE-2019-25006
• CVE-2019-25007
• GHSA-39wr-f4ff-xm6p
• GHSA-gf93-h79q-6jjv

References

• https://github.com/RustCrypto/hashes/pull/91

Patched

• >=0.8.0

Description

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs.

Advisory available under CC0-1.0 license.