CVE-2019-20399: Observable Discrepancy in libsecp256k1-rs

August 25, 2021

A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack.

References

github.com/advisories/GHSA-7cqg-8449-rmfv
github.com/paritytech/libsecp256k1/commit/11ba23a9766a5079918cd9f515bc100bc8164b50
nvd.nist.gov/vuln/detail/CVE-2019-20399
rustsec.org/advisories/RUSTSEC-2020-0156.html

Detect and mitigate CVE-2019-20399 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →