GHSA-rm66-9gh4-4gp8

Source

https://github.com/advisories/GHSA-rm66-9gh4-4gp8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-rm66-9gh4-4gp8/GHSA-rm66-9gh4-4gp8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rm66-9gh4-4gp8

Published

2024-11-12T20:54:58Z

Modified

2024-11-12T20:54:58Z

Severity

2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

cggmp21 vulnerable to ambiguous challenge derivation

Details

Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead to security vulnerability (however, it's unknown if it could be exploited).

References

https://github.com/dfns/cggmp21/pull/103
https://github.com/LFDT-Lockness/cggmp21
https://rustsec.org/advisories/RUSTSEC-2024-0393.html

Affected packages

crates.io / cggmp21

Package

Name: cggmp21; View open source insights on deps.dev
Purl: pkg:cargo/cggmp21

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.0