CVE-2019-20399

paritytech/libsecp256k1

on github

Published

January 23, 2020

Severity

CVSS v3:

5.9 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.

References

https://github.com/paritytech/libsecp256k1/commit/11ba23a9766a5079918cd9f515bc100bc8164b50

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:parity:libsecp256k1::::::::	n/a	0.3.1	*

External Links

NVD - CVE-2019-20399