MidnightBSD

Advisories for dalek

CVE-2024-58262

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 2.9 | LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 1.4 | 1.4 |
| nvd@nist.gov | 5.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 1.4 | 3.6 |

Products Affected

| Vendor | Product | Version |
|---|---|---|
| dalek | curve25519-dalek | * |