
RUSTSEC-2020-0156

Observable Discrepancy in libsecp256k1-rs

Issued
Package: libsecp256k1-rs (crates.io)
Type: Vulnerability
Categories
Aliases
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-20399
CVSS Score: 5.9 MEDIUM
CVSS Details
  • Attack vector: Network
  • Attack complexity: High
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Patched
  • >=0.3.1

Description

A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
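
The class of defect described above, as an added Rust illustration that is not code from libsecp256k1-rs: an overflow check against the secp256k1 group order written with early exits, beside a branch-free form that does the same work for every input. The function names and the eight-limb, least-significant-first layout are assumptions made for this example.

```rust
// Added illustration; not code from libsecp256k1-rs.
// secp256k1 group order n as eight 32-bit limbs, least significant first
// (the limb layout is an assumption of this example).
const N: [u32; 8] = [
    0xD0364141, 0xBFD25E8C, 0xAF48A03B, 0xBAAEDCE6,
    0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
];

/// Variable-time check (hypothetical name): returns as soon as one limb
/// decides the comparison, so the running time depends on how many of the
/// high limbs of `s` are equal to those of `N`.
pub fn overflow_leaky(s: &[u32; 8]) -> bool {
    for i in (0..8).rev() {
        if s[i] > N[i] { return true; }
        if s[i] < N[i] { return false; }
    }
    true // s == n also counts as overflow
}

/// Branch-free check (hypothetical name): subtracts n from s across all
/// eight limbs and reads the final borrow. No early exit, no branch on `s`.
pub fn overflow_fixed_time(s: &[u32; 8]) -> bool {
    let mut borrow: u64 = 0;
    for i in 0..8 {
        // 64-bit wrapping subtraction; bit 63 is set iff this limb borrowed.
        let d = (s[i] as u64).wrapping_sub(N[i] as u64).wrapping_sub(borrow);
        borrow = d >> 63;
    }
    borrow == 0 // no final borrow means s >= n
}

fn main() {
    let mut below = N;
    below[0] -= 1; // n - 1, constructed sample value
    for s in [[0u32; 8], below, N, [u32::MAX; 8]] {
        // Both forms must agree on the result; only their timing differs.
        assert_eq!(overflow_leaky(&s), overflow_fixed_time(&s));
        println!("{:x?} overflow={}", s, overflow_fixed_time(&s));
    }
}
```

Source-level branch freedom is not a guarantee about the compiled code, so production code normally relies on a vetted constant-time library (the `subtle` crate is one) and upgrades to the patched release listed above.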