1. CVE-Search
  2. CVE-2019-25003
ID CVE-2019-25003
Summary An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information.
References
Vulnerable Configurations
  • cpe:2.3:a:parity:libsecp256k1:-:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:-:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.0:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.0:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.2:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.2:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.3:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.3:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.4:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.4:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.5:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.5:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.6:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.6:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.7:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.7:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.8:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.8:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.9:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.9:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.10:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.10:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.11:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.11:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.12:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.12:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.13:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.13:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.14:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.14:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.1.15:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.1.15:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.2.0:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.2.0:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.2.1:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.2.1:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.2.2:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.2.2:*:*:*:*:rust:*:*
  • cpe:2.3:a:parity:libsecp256k1:0.3.0:*:*:*:*:rust:*:*
    cpe:2.3:a:parity:libsecp256k1:0.3.0:*:*:*:*:rust:*:*
CVSS
Base: 5.0 (as of 06-01-2021 - 20:12)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
misc https://rustsec.org/advisories/RUSTSEC-2019-0027.html
Last major update 06-01-2021 - 20:12
Published 31-12-2020 - 10:15
Last modified 06-01-2021 - 20:12
Back to Top