Categories ⋅ Keywords ⋅ Packages Advisories in category 'crypto-failure' April 4, 2025 MEDIUM RUSTSEC-2025-0021: Vulnerability in gix-features SHA-1 collision attacks are not detected February 10, 2025 RUSTSEC-2025-0006: Vulnerability in hickory-proto Hickory DNS failure to verify self-signed RRSIG for DNSKEYs January 22, 2025 INFO RUSTSEC-2024-0434: Security notice about matrix-sdk-crypto Missing facility to signal rotation of a verified cryptographic identity December 28, 2024 RUSTSEC-2024-0430: Vulnerability in magic-crypt Use of insecure cryptographic algorithms November 17, 2024 RUSTSEC-2024-0398: Vulnerability in sharks Bias of Polynomial Coefficients in Secret Sharing November 10, 2024 RUSTSEC-2024-0393: Vulnerability in cggmp21 Ambiguous challenge derivation November 10, 2024 RUSTSEC-2024-0391: Vulnerability in paillier-zk Ambiguous challenge derivation November 10, 2024 RUSTSEC-2024-0392: Vulnerability in cggmp21-keygen Ambiguous challenge derivation September 2, 2024 RUSTSEC-2024-0368: Vulnerability in olm-sys olm-sys: wrapped library unmaintained, potentially vulnerable July 19, 2024 RUSTSEC-2024-0356: Vulnerability in matrix-sdk-crypto UserIdentity::is_verified not checking verification status of own user identity while performing the check July 18, 2024 RUSTSEC-2024-0354: Vulnerability in vodozemac Usage of non-constant time base64 decoder could lead to leakage of secret key material June 18, 2024 RUSTSEC-2024-0344: Vulnerability in curve25519-dalek Timing variability in curve25519-dalek's Scalar29::sub/Scalar52::sub June 3, 2024 CRITICAL RUSTSEC-2024-0343: Vulnerability in nano-id Reduced entropy due to inadequate character set usage February 9, 2024 HIGH RUSTSEC-2023-0079: Vulnerability in pqc_kyber KyberSlash: division timings depending on secrets February 9, 2024 RUSTSEC-2024-0011: Vulnerability in snow Unauthenticated Nonce Increment in snow February 6, 2024 RUSTSEC-2024-0010: Vulnerability in svix Improper comparison of different-length signatures November 28, 2023 MEDIUM RUSTSEC-2023-0071: Vulnerability in rsa Marvin Attack: potential key recovery through timing sidechannels October 23, 2023 MEDIUM RUSTSEC-2023-0068: Vulnerability in cocoon Sequential calls of encryption API (encrypt, wrap, and dump) result in nonce reuse August 14, 2023 RUSTSEC-2022-0093: Vulnerability in ed25519-dalek Double Public Key Signing Function Oracle Attack on ed25519-dalek March 25, 2023 RUSTSEC-2023-0027: Vulnerability in async-nats TLS certificate common name validation bypass March 25, 2023 RUSTSEC-2023-0029: Vulnerability in nats TLS certificate common name validation bypass February 7, 2023 RUSTSEC-2023-0007: Vulnerability in openssl-src Timing Oracle in RSA Decryption February 7, 2023 MEDIUM RUSTSEC-2022-0089: Vulnerability in aliyun-oss-client aliyun-oss-client secret exposure February 2, 2023 HIGH RUSTSEC-2022-0083: Vulnerability in evm evm incorrect state transition January 21, 2023 RUSTSEC-2023-0003: Vulnerability in libgit2-sys git2 does not verify SSH keys by default January 12, 2023 RUSTSEC-2023-0002 (withdrawn advisory) October 11, 2022 RUSTSEC-2022-0059: Vulnerability in openssl-src Using a Custom Cipher with NID_undef may lead to NULL encryption August 11, 2022 RUSTSEC-2022-0047: Vulnerability in oqs Post-Quantum Signature scheme Rainbow level I parametersets broken August 9, 2022 RUSTSEC-2022-0045: Vulnerability in oqs Post-Quantum Key Encapsulation Mechanism SIKE broken July 25, 2022 INFO RUSTSEC-2022-0034: Unsoundness in pkcs11 Safety issues in pkcs11 July 5, 2022 RUSTSEC-2022-0032: Vulnerability in openssl-src AES OCB fails to encrypt some bytes July 5, 2022 RUSTSEC-2022-0033: Vulnerability in openssl-src Heap memory corruption with RSA private key operation May 19, 2022 MEDIUM RUSTSEC-2022-0027: Vulnerability in openssl-src OCSP_basic_verify may incorrectly verify the response signing certificate May 19, 2022 MEDIUM RUSTSEC-2022-0026: Vulnerability in openssl-src Incorrect MAC key used in the RC4-MD5 ciphersuite May 9, 2022 MEDIUM RUSTSEC-2022-0018: Vulnerability in totp-rs Timing attack March 1, 2022 RUSTSEC-2022-0011: Vulnerability in rust-crypto Miscomputation when performing AES encryption in rust-crypto February 7, 2022 RUSTSEC-2022-0009: Vulnerability in libp2p-core Failure to verify the public key of a SignedEnvelope against the PeerId in a PeerRecord December 27, 2021 RUSTSEC-2020-0160: Vulnerability in shamir Threshold value is ignored (all shares are n=3) September 9, 2021 RUSTSEC-2021-0100: Vulnerability in sha2 Miscomputed results when using AVX2 backend September 9, 2021 MEDIUM RUSTSEC-2020-0156: Vulnerability in libsecp256k1-rs Observable Discrepancy in libsecp256k1-rs August 24, 2021 CRITICAL RUSTSEC-2021-0097: Vulnerability in openssl-src SM2 Decryption Buffer Overflow August 24, 2021 HIGH RUSTSEC-2021-0098: Vulnerability in openssl-src Read buffer overruns processing ASN.1 strings July 13, 2021 RUSTSEC-2021-0076: Vulnerability in libsecp256k1 libsecp256k1 allows overflowing signatures July 9, 2021 RUSTSEC-2021-0075: Vulnerability in ark-r1cs-std Flaw in FieldVar::mul_by_inverse allows unsound R1CS constraint systems May 1, 2021 HIGH RUSTSEC-2021-0056: Vulnerability in openssl-src CA certificate check bypass with X509_V_FLAG_X509_STRICT February 15, 2021 CRITICAL RUSTSEC-2021-0023: Vulnerability in rand_core Incorrect check on buffer length when seeding RNGs December 9, 2020 MEDIUM RUSTSEC-2020-0089: Vulnerability in nanorand nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers October 1, 2020 CRITICAL RUSTSEC-2019-0019: Vulnerability in blake2 HMAC-BLAKE2 algorithms compute incorrect results October 1, 2020 HIGH RUSTSEC-2019-0025: Vulnerability in serde_cbor Flaw in CBOR deserializer allows stack overflow October 1, 2020 HIGH RUSTSEC-2019-0029: Vulnerability in chacha20 ChaCha20 counter overflow can expose repetitions in the keystream October 1, 2020 RUSTSEC-2019-0030: Vulnerability in streebog Incorrect implementation of the Streebog hash functions October 1, 2020 HIGH RUSTSEC-2019-0027: Vulnerability in libsecp256k1 Flaw in Scalar::check_overflow allows side-channel timing attack October 1, 2020 MEDIUM RUSTSEC-2016-0002: Vulnerability in hyper HTTPS MitM vulnerability due to lack of hostname verification