GHSA-4x25-pvhw-5224

Source

https://github.com/advisories/GHSA-4x25-pvhw-5224

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-4x25-pvhw-5224/GHSA-4x25-pvhw-5224.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4x25-pvhw-5224

Aliases

CVE-2019-16143
RUSTSEC-2019-0019

Published

2021-08-25T20:44:20Z

Modified

2023-11-08T04:01:16.407154Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Algorithms compute incorrect results in blake2

Details

An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.

Database specific

{
    "nvd_published_at": "2019-09-09T12:15:00Z",
    "cwe_ids": [
        "CWE-327"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:22:54Z"
}

References

Affected packages

crates.io / blake2

Package

Name: blake2; View open source insights on deps.dev
Purl: pkg:cargo/blake2

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.1