Skip to content
This repository has been archived by the owner on Jun 17, 2022. It is now read-only.

RUSTSEC-2019-0004: Failure to properly verify ed25519 signatures makes any signature valid #37

Open
github-actions bot opened this issue Nov 5, 2019 · 0 comments
Open

RUSTSEC-2019-0004: Failure to properly verify ed25519 signatures makes any signature valid #37

github-actions bot opened this issue Nov 5, 2019 · 0 comments

Comments

@github-actions
Copy link

github-actions bot commented Nov 5, 2019

Failure to properly verify ed25519 signatures makes any signature valid

Details
Package libp2p-core
Version 0.7.0
URL
Date 2019-05-15
Patched versions ^0.7.1,>= 0.8.1
Unaffected versions < 0.3

Affected versions of this crate did not properly verify ed25519 signatures.
Any signature with a correct length was considered valid.

This allows an attacker to impersonate any node identity.

See advisory page for additional details.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants