CVE-2022-50237

CVSS v3.1

5.9

Medium

Vector

AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ed25519-dalek crate versions prior to 2

Description The ed25519-dalek crate for Rust contains a flaw that allows a double public key signing function oracle attack. The Keypair implementation can lead to the extraction of a private key.

Recommendations Update the ed25519-dalek crate to version 2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-497

Related Identifiers

CVE-2022-50237

GHSA-G693-V3JR-8HCR

GHSA-W5VR-6QHR-36CC

RUSTSEC-2022-0093

Affected Products

Ed25519-Dalek

CVE-2022-50237

Weakness Enumeration

Related Identifiers

Affected Products

References · 13