Vulnerabilities in dalek-cryptography

2 results

CVE-2022-50237MEDIUMThe ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a sEPSS 0.2%CVE-2024-58262LOWThe curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.EPSS 0.1%