MidnightBSD

Advisories for sodiumoxide_project

CVE-2017-1000168 MEDIUM

sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sodiumoxide_project sodiumoxide *
CVE-2019-25002 HIGH

An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sodiumoxide_project sodiumoxide *