Reported

January 22, 2020

Issued

September 9, 2021 (last modified: September 10, 2021)

Package

libsecp256k1-rs (crates.io)

Type

Vulnerability

Categories

• crypto-failure

Aliases

• CVE-2019-20399
• GHSA-7cqg-8449-rmfv

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-20399

CVSS Score

5.9 MEDIUM

CVSS Details

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

High

Integrity Impact

None

Availability Impact

None

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Patched

• >=0.3.1

Description

A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.

Advisory available under CC0-1.0 license.