CVE-2019-25007: Incorrect implementation in streebog

August 25, 2021 (updated June 13, 2023)

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could’ve caused an incorrect result or panic for certain inputs.

References

github.com/RustCrypto/hashes/pull/91
github.com/RustCrypto/hashes/tree/master/streebog
github.com/advisories/GHSA-39wr-f4ff-xm6p
nvd.nist.gov/vuln/detail/CVE-2019-25007
rustsec.org/advisories/RUSTSEC-2019-0030.html

Detect and mitigate CVE-2019-25007 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →