File tree Expand file tree Collapse file tree 1 file changed +25
-0
lines changed
Expand file tree Collapse file tree 1 file changed +25
-0
lines changed Original file line number Diff line number Diff line change 1+ ``` toml
2+ [advisory ]
3+ id = " RUSTSEC-0000-0000"
4+ package = " libcrux-ecdh"
5+ date = " 2026-01-26"
6+ aliases = [" GHSA-435g-fcv3-8j26"
7+ url = " https://github.com/cryspen/libcrux/pull/1301"
8+ cvss = " CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"
9+
10+ [affected .functions ]
11+ "libcrux_ecdh::validate_scalar" = [ " <= 0.0.5"
12+
13+ [versions ]
14+ patched = [" >= 0.0.6"
15+ ```
16+
17+ # X25519 secret validation did not check buffer length or clamping
18+
19+ The latest releases of the libcrux-ecdh crate contains the following
20+ bug-fix:
21+
22+ [ #1301 ] ( https://github.com/cryspen/libcrux/pull/1301 ) : Check length
23+ and clamping in X25519 secret validation. This is a breaking change
24+ since errors are now raised on unclamped X25519 secrets or inputs of
25+ the wrong length
You can’t perform that action at this time.
0 commit comments