RUSTSEC-2019-0030

Incorrect implementation of the Streebog hash functions

Reported

October 6, 2019

Issued

October 2, 2020 (last modified: January 4, 2021)

Package

streebog (crates.io)

Type

Vulnerability

Categories

crypto-failure

Aliases

CVE-2020-25575
CVE-2019-25006
CVE-2019-25007

Details

https://github.com/RustCrypto/hashes/pull/91

Patched

>=0.8.0

Description

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs.