Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 02ae695cf5cb · 2025-11-25T20:43:15.000Z
GHSA-8frv-q972-9rq5 GHSA-m95p-425x-x889
diff --git a/advisories/github-reviewed/2025/11/GHSA-8frv-q972-9rq5/GHSA-8frv-q972-9rq5.json b/advisories/github-reviewed/2025/11/GHSA-8frv-q972-9rq5/GHSA-8frv-q972-9rq5.json
@@ -0,0 +1,92 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8frv-q972-9rq5",
+  "modified": "2025-11-25T20:42:28Z",
+  "published": "2025-11-25T20:42:28Z",
+  "aliases": [
+    "CVE-2025-66017"
+  ],
+  "summary": "cggmp24 and cggmp21 are vulnerable to signature forgery through altered presignatures",
+  "details": "### Impact\nThis attack is against presignatures used in very specific context:\n* Presignatures + HD wallets derivation: security level reduces to 85 bits \\\n  Previously users could generate a presignature, and then choose a HD derivation path while issuing a partial signature via [`Presignature::set_derivation_path`](https://docs.rs/cggmp21/0.6.3/cggmp21/signing/struct.Presignature.html#method.set_derivation_path), which is malleable to attack that reduces target security level. To mitigate, this method has been removed from API.\n* Presignatures + \"raw signing\" (when signer signs a hash without knowing an original message): results into signature forgery attack \\\n  Previously, users were able to configure [`Presignature::issue_partial_signature`](https://docs.rs/cggmp21/0.6.3/cggmp21/signing/struct.Presignature.html#method.issue_partial_signature) with hashed message without ever providing original mesage. In new API, this method only accepts digests for which original message has been observed.\n\n### Patches\n`cggmp24 v0.7.0-alpha.2` release contains API changes that make it impossible to use presignatures in contexts in which it reduces security. Follow [migration guidelines](https://github.com/LFDT-Lockness/cggmp21/blob/v0.7.0-alpha.2/CGGMP21_MIGRATION.md) to upgrade.\n\n### Workarounds\nUsers can continue using un-patched versions of library as long as they don't use presignatures in said scenarios where it weakens system security. To be sure, migrate to patched version that excludes presignatures from being used in such scenarios.\n\n### References\nRead this [blog post](https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained) to learn more.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "crates.io",
+        "name": "cggmp21"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "0.6.3"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "crates.io",
+        "name": "cggmp24"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.7.0-alpha.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-8frv-q972-9rq5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LFDT-Lockness/cggmp21/commit/9d98157e151596573cb071da59d27a4e0ac9b8dc"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/LFDT-Lockness/cggmp21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0127.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0128.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-327"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-11-25T20:42:28Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2025/11/GHSA-m95p-425x-x889/GHSA-m95p-425x-x889.json b/advisories/github-reviewed/2025/11/GHSA-m95p-425x-x889/GHSA-m95p-425x-x889.json
@@ -0,0 +1,92 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m95p-425x-x889",
+  "modified": "2025-11-25T20:41:04Z",
+  "published": "2025-11-25T20:41:04Z",
+  "aliases": [
+    "CVE-2025-66016"
+  ],
+  "summary": "cggmp21 has a missing check in the ZK proof used in CGGMP21",
+  "details": "### Impact\ncggmp21  concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key.\n\n### Patches\n* `cggmp21 v0.6.3` is a patch release that contains a fix that introduces this specific missing check\n* However, cggmp21 recommends upgrading to `cggmp24 v0.7.0-alpha.2` which contains many other security checks as a precaution. Follow [migration guideline](https://github.com/LFDT-Lockness/cggmp21/blob/v0.7.0-alpha.2/CGGMP21_MIGRATION.md) to upgrade.\n\n### Workarounds\nUpdate to `cggmp21 v0.6.3`, a minor release that contains a minimal security patch.\n\nHowever, for full mitigation, users will need to upgrade to `cggmp24 v0.7.0-alpha.2` as it contains many more security check implementations.\n\n### Resources\nRead this [blog post](https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained) to learn more.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "crates.io",
+        "name": "cggmp21"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.6.3"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "crates.io",
+        "name": "cggmp24"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.7.0-alpha.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/LFDT-Lockness/cggmp21/commit/60e0ada5291e771d5649793329d99edd32285e72"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/LFDT-Lockness/cggmp21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0129.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0130.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-347"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-11-25T20:41:04Z",
+    "nvd_published_at": null
+  }
+}
