PT-2025-31036 · Unknown · Ed25519-Dalek
Published
2022-06-11
·
Updated
2025-07-28
·
CVE-2022-50237
CVSS v3.1
5.9
| Vector | AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Ed25519-Dalek
Published
2022-06-11
·
Updated
2025-07-28
·
CVE-2022-50237
5.9
Medium
| Base vector | Vector | AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
ed25519-dalek crate versions prior to 2
Description:
The ed25519-dalek crate for Rust contains a flaw that allows a double public key signing function oracle attack. The Keypair implementation can lead to the extraction of a private key.
Recommendations:
Update the ed25519-dalek crate to version 2 or later.
Fix