GHSA-wrvc-72w7-xpmj

Source
https://github.com/advisories/GHSA-wrvc-72w7-xpmj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-wrvc-72w7-xpmj/GHSA-wrvc-72w7-xpmj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wrvc-72w7-xpmj
Aliases
Published
2021-08-25T20:45:54Z
Modified
2023-11-08T04:01:31.981797Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Incorrect Comparison in sodiumoxide
Details

An issue was discovered in the sodiumoxide crate for Rust, starting with 0.2.0 and prior to 0.2.5. generichash::Digest::eq compares the digest to itself rather than to the other operand, and thus has degenerate security properties.
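
The self-comparison pattern described above, next to a corrected comparison, as an added example that is not sodiumoxide's code. The Digest stand-in type, eq_self_compare, eq_fixed, ct_eq and rejects_mismatch are hypothetical names, and the byte values are constructed sample data.

```rust
/// Stand-in digest type (hypothetical; not the sodiumoxide implementation).
#[derive(Debug, Clone)]
pub struct Digest {
    len: usize,
    data: [u8; 64],
}

impl Digest {
    pub fn from_slice(bytes: &[u8]) -> Option<Digest> {
        if bytes.is_empty() || bytes.len() > 64 {
            return None;
        }
        let mut data = [0u8; 64];
        data[..bytes.len()].copy_from_slice(bytes);
        Some(Digest { len: bytes.len(), data })
    }

    fn as_bytes(&self) -> &[u8] {
        &self.data[..self.len]
    }

    /// The bug class from the advisory: `other` is never read.
    pub fn eq_self_compare(&self, _other: &Digest) -> bool {
        ct_eq(self.as_bytes(), self.as_bytes())
    }

    /// Corrected form: the right-hand operand takes part in the comparison.
    pub fn eq_fixed(&self, other: &Digest) -> bool {
        ct_eq(self.as_bytes(), other.as_bytes())
    }
}

/// Byte comparison without early exit (illustrative, not a vetted constant-time routine).
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b.iter()).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Regression check: equal digests must match AND different digests must not.
pub fn rejects_mismatch(eq: fn(&Digest, &Digest) -> bool) -> bool {
    let expected = Digest::from_slice(&[0xAA; 32]).unwrap(); // constructed value
    let other = Digest::from_slice(&[0x55; 32]).unwrap(); // constructed value
    eq(&expected, &expected.clone()) && !eq(&expected, &other)
}

fn main() {
    println!("self-compare rejects mismatch: {}", rejects_mismatch(Digest::eq_self_compare));
    println!("fixed rejects mismatch: {}", rejects_mismatch(Digest::eq_fixed));
}
```

A test suite that only asserts that equal digests compare equal passes against both versions; the negative case in rejects_mismatch is what separates them.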

References

Affected packages

crates.io / sodiumoxide

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.2.0
Fixed
0.2.5

Ecosystem specific

{
    "affected_functions": [
        "sodiumoxide::crypto::generichash::Digest::eq",
        "sodiumoxide::crypto::generichash::Digest::ne"
    ]
}