CVE-2019-16143: Algorithms compute incorrect results in blake2

August 25, 2021 (updated June 13, 2023)

An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.

References

github.com/RustCrypto/MACs/issues/19
github.com/RustCrypto/hashes/tree/master/blake2
github.com/advisories/GHSA-4x25-pvhw-5224
nvd.nist.gov/vuln/detail/CVE-2019-16143
rustsec.org/advisories/RUSTSEC-2019-0019.html

Detect and mitigate CVE-2019-16143 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →