Name | CVE-2024-58262 |
Description | The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 1074351 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
rust-curve25519-dalek (PTS) | trixie | 4.1.3+20240618+dfsg-9 | fixed |
rust-curve25519-dalek (PTS) | forky, sid | 4.2.0+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
Notes
https://rustsec.org/advisories/RUSTSEC-2024-0344.html
https://github.com/dalek-cryptography/curve25519-dalek/pull/659