RUSTSEC-2020-0156
on 2020-01-22: Observable Discrepancy in libsecp256k1-rs
This crate has no reviews yet. To add a review, set up your cargo-crev
.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open libsecp256k1-rs
. Alternatively, you can download the tarball of libsecp256k1-rs v0.2.4 or view the source online.
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.
CVE-2019-20399
GHSA-7cqg-8449-rmfv