CVE-2019-25002

Name of the Vulnerable Software and Affected Versions sodiumoxide crate versions 0.2.0 through 0.2.4

Description An issue was discovered in the sodiumoxide crate for Rust, where the generichash::Digest::eq function compares itself to itself, resulting in degenerate security properties. This means that Digest::eq always returns true and Digest::ne always returns false, due to the incorrect implementation of the PartialEq trait for generichash::Digest.

Recommendations For versions 0.2.0 through 0.2.4, update to version 0.2.5 or later to resolve the issue. As a temporary workaround, consider disabling the use of generichash::Digest::eq and generichash::Digest::ne functions until a patch is available.