Categories ⋅ Keywords ⋅ Packages Advisories in category 'crypto-failure' March 25, 2023 RUSTSEC-2023-0029: Vulnerability in nats TLS certificate common name validation bypass March 24, 2023 RUSTSEC-2023-0027: Vulnerability in async-nats TLS certificate common name validation bypass February 7, 2023 RUSTSEC-2023-0007: Vulnerability in openssl-src Timing Oracle in RSA Decryption February 7, 2023 MEDIUM RUSTSEC-2022-0089: Vulnerability in aliyun-oss-client aliyun-oss-client secret exposure February 2, 2023 HIGH RUSTSEC-2022-0083: Vulnerability in evm evm incorrect state transition January 20, 2023 RUSTSEC-2023-0003: Vulnerability in libgit2-sys git2 does not verify SSH keys by default January 12, 2023 RUSTSEC-2023-0002 (withdrawn advisory) October 11, 2022 RUSTSEC-2022-0059: Vulnerability in openssl-src Using a Custom Cipher with NID_undef may lead to NULL encryption August 11, 2022 RUSTSEC-2022-0047: Vulnerability in oqs Post-Quantum Signature scheme Rainbow level I parametersets broken August 9, 2022 RUSTSEC-2022-0045: Vulnerability in oqs Post-Quantum Key Encapsulation Mechanism SIKE broken July 25, 2022 INFO RUSTSEC-2022-0034: Unsoundness in pkcs11 Safety issues in pkcs11 July 5, 2022 RUSTSEC-2022-0032: Vulnerability in openssl-src AES OCB fails to encrypt some bytes July 5, 2022 RUSTSEC-2022-0033: Vulnerability in openssl-src Heap memory corruption with RSA private key operation May 19, 2022 MEDIUM RUSTSEC-2022-0027: Vulnerability in openssl-src OCSP_basic_verify may incorrectly verify the response signing certificate May 19, 2022 MEDIUM RUSTSEC-2022-0026: Vulnerability in openssl-src Incorrect MAC key used in the RC4-MD5 ciphersuite May 9, 2022 MEDIUM RUSTSEC-2022-0018: Vulnerability in totp-rs Timing attack March 1, 2022 RUSTSEC-2022-0011: Vulnerability in rust-crypto Miscomputation when performing AES encryption in rust-crypto February 7, 2022 RUSTSEC-2022-0009: Vulnerability in libp2p-core Failure to verify the public key of a SignedEnvelope against the PeerId in a PeerRecord December 27, 2021 RUSTSEC-2020-0160: Vulnerability in shamir Threshold value is ignored (all shares are n=3) September 9, 2021 MEDIUM RUSTSEC-2020-0156: Vulnerability in libsecp256k1-rs Observable Discrepancy in libsecp256k1-rs September 9, 2021 RUSTSEC-2021-0100: Vulnerability in sha2 Miscomputed results when using AVX2 backend August 24, 2021 CRITICAL RUSTSEC-2021-0097: Vulnerability in openssl-src SM2 Decryption Buffer Overflow August 24, 2021 HIGH RUSTSEC-2021-0098: Vulnerability in openssl-src Read buffer overruns processing ASN.1 strings July 13, 2021 RUSTSEC-2021-0076: Vulnerability in libsecp256k1 libsecp256k1 allows overflowing signatures July 9, 2021 RUSTSEC-2021-0075: Vulnerability in ark-r1cs-std Flaw in FieldVar::mul_by_inverse allows unsound R1CS constraint systems May 1, 2021 HIGH RUSTSEC-2021-0056: Vulnerability in openssl-src CA certificate check bypass with X509_V_FLAG_X509_STRICT February 15, 2021 CRITICAL RUSTSEC-2021-0023: Vulnerability in rand_core Incorrect check on buffer length when seeding RNGs December 9, 2020 MEDIUM RUSTSEC-2020-0089: Vulnerability in nanorand nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers October 2, 2020 MEDIUM RUSTSEC-2016-0002: Vulnerability in hyper HTTPS MitM vulnerability due to lack of hostname verification October 2, 2020 HIGH RUSTSEC-2019-0029: Vulnerability in chacha20 ChaCha20 counter overflow can expose repetitions in the keystream October 2, 2020 HIGH RUSTSEC-2019-0025: Vulnerability in serde_cbor Flaw in CBOR deserializer allows stack overflow October 2, 2020 RUSTSEC-2019-0030: Vulnerability in streebog Incorrect implementation of the Streebog hash functions October 2, 2020 HIGH RUSTSEC-2019-0027: Vulnerability in libsecp256k1 Flaw in Scalar::check_overflow allows side-channel timing attack October 2, 2020 CRITICAL RUSTSEC-2019-0019: Vulnerability in blake2 HMAC-BLAKE2 algorithms compute incorrect results