CVE-2019-25006: Incorrect implementation of the Streebog hash functions in streebog

August 25, 2021 (updated June 13, 2023)

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could’ve caused an incorrect result or panic for certain inputs.

References

github.com/RustCrypto/hashes/pull/91
github.com/RustCrypto/hashes/tree/master/streebog
github.com/advisories/GHSA-gf93-h79q-6jjv
nvd.nist.gov/vuln/detail/CVE-2019-25006
rustsec.org/advisories/RUSTSEC-2019-0030.html

Detect and mitigate CVE-2019-25006 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →