Reported

January 21, 2020

Issued

December 27, 2021 (last modified: June 13, 2023)

Package

shamir (crates.io)

Type

Vulnerability

Categories

• crypto-failure

Aliases

• GHSA-978j-88f3-p5j3

References

• https://github.com/Nebulosus/shamir/issues/3

Patched

• >=2.0.0

Description

Affected versions of this crate did not properly calculate secret shares requirements.

This reduces the security of the algorithm by restricting the crate to always using a threshold value of three, rather than a configurable limit.

The flaw was corrected by correctly configuring the threshold.

Advisory available under CC0-1.0 license.