RUSTSEC-2019-0030

Incorrect implementation of the Streebog hash functions

Reported

October 6, 2019

Issued

October 1, 2020 (last modified: November 2, 2023)

Package

streebog (crates.io)

Type

Vulnerability

Categories

crypto-failure

Aliases

CVE-2019-25006
CVE-2019-25007
GHSA-39wr-f4ff-xm6p
GHSA-gf93-h79q-6jjv

References

https://github.com/RustCrypto/hashes/pull/91

Patched

>=0.8.0

Description

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs.

Advisory available under CC0-1.0 license.