CVE-2019-25002: Incorrect Comparison in sodiumoxide
(updated )
An issue was discovered in the sodiumoxide crate starting with 0.2.0 and prior to 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.
References
- github.com/advisories/GHSA-wrvc-72w7-xpmj
- github.com/sodiumoxide/sodiumoxide
- github.com/sodiumoxide/sodiumoxide/commit/38490723927f230498adf795153e6cd3cb08b6a8
- github.com/sodiumoxide/sodiumoxide/pull/381
- github.com/sodiumoxide/sodiumoxide/pull/381/commits/fae052b834b097ced9a89a8fff8466e18f383070
- nvd.nist.gov/vuln/detail/CVE-2019-25002
- rustsec.org/advisories/RUSTSEC-2019-0026.html
Detect and mitigate CVE-2019-25002 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →