RUSTSEC-2020-0156

Observable Discrepancy in libsecp256k1-rs

Reported
Issued
Package
libsecp256k1-rs (crates.io)
Type
Vulnerability
Categories
Aliases
References
CVSS Score: 5.9 MEDIUM
CVSS Details
  Attack vector: Network
  Attack complexity: High
  Privileges required: None
  User interaction: None
  Scope: Unchanged
  Confidentiality: High
  Integrity: None
  Availability: None
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Patched
  • >=0.3.1

Description

A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
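
The class of bug described above, as an added illustration that is not code from libsecp256k1-rs or from this advisory: an overflow check (scalar >= group order n) written with early exits next to a branch-free form. The eight-limb `[u32; 8]` layout and both function names are assumptions made for the example.

```rust
/// secp256k1 group order n as eight 32-bit limbs, least significant first.
const N: [u32; 8] = [
    0xD036_4141, 0xBFD2_5E8C, 0xAF48_A03B, 0xBAAE_DCE6,
    0xFFFF_FFFE, 0xFFFF_FFFF, 0xFFFF_FFFF, 0xFFFF_FFFF,
];

/// Variable-time form (hypothetical name): returns at the first limb that
/// differs from n, so the running time depends on the scalar's value.
pub fn check_overflow_vartime(s: &[u32; 8]) -> bool {
    for i in (0..8).rev() {
        if s[i] < N[i] {
            return false;
        }
        if s[i] > N[i] {
            return true;
        }
    }
    true // s == n is also out of range
}

/// Branch-free form (hypothetical name): subtracts n across all eight limbs
/// and reports overflow when no borrow is left, i.e. when s >= n.
pub fn check_overflow_ct(s: &[u32; 8]) -> bool {
    let mut borrow: u64 = 0;
    for i in 0..8 {
        // A negative limb difference wraps around and sets bit 63.
        let d = (s[i] as u64).wrapping_sub(N[i] as u64).wrapping_sub(borrow);
        borrow = d >> 63;
    }
    borrow == 0
}

fn main() {
    // Constructed sample scalars: zero, n itself, and the all-ones value.
    for s in [[0u32; 8], N, [u32::MAX; 8]] {
        println!("vartime={} ct={}", check_overflow_vartime(&s), check_overflow_ct(&s));
    }
}
```

Source-level branch freedom does not guarantee constant-time machine code, since the compiler may reintroduce branches; audited helpers such as the `subtle` crate exist for that reason.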

Advisory available under CC0-1.0 license.