Name of the Vulnerable Software and Affected Versions hd wallet versions prior to 0.6.0 slip 10 versions prior to 0.6.0 (note: slip 10 version 0.4 is mentioned, but it is not clear if versions after 0.4 and before 0.6 are affected, assuming 0.6 is the fixed version for slip 10 as well)

Description The issue affects users of the hd wallet::Slip10Like or slip 10 derivation method instantiated with curves other than secp256k1 and secp256r1. This could be exploited by an attacker to force someone to execute a lot of iterations of the loop to find a valid child key. However, for standard curves secp256k1 and secp256r1, the probability of getting an invalid scalar is very low. Theoretically, an attacker could try to DoS constructions instantiated with other curves, such as ed25519 or stark curves, for which the probability of getting an invalid scalar is high.

Recommendations For hd wallet versions prior to 0.6.0, upgrade to version 0.6.0 or later. For slip 10 versions prior to 0.6.0, migrate to hd wallet version 0.6.0 or later, possibly by first migrating from slip 10 version 0.4 to hd wallet version 0.5 and then upgrading to version 0.6.0. As a temporary workaround, consider using alternative derivation methods, such as hd wallet::Edwards for ed25519 curve or hd wallet::Stark for stark curve, if you need HD derivation on other curves than secp256k1 and secp256r1.