Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::check_overflow
in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::check_overflow
to execute in constant time.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-208" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-08-19T21:19:40Z" }