CVE-2017-1000168: scalarmult() vulnerable to degenerate public keys

August 25, 2021 (updated June 13, 2023)

The scalarmult() function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used.

This issue was fixed by checking for this class of keys and rejecting them if they are used.

References

github.com/advisories/GHSA-2wc6-2rcj-8v76
github.com/dnaq/sodiumoxide/issues/154
github.com/sodiumoxide/sodiumoxide
github.com/sodiumoxide/sodiumoxide/commit/24c7a5550807ac8a09648b5878f19d14c3a69135
nvd.nist.gov/vuln/detail/CVE-2017-1000168
rustsec.org/advisories/RUSTSEC-2017-0001.html

Detect and mitigate CVE-2017-1000168 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →