RUSTSEC-2021-0076: libsecp256k1 allows overflowing signatures
github-actions opened this issue · 0 comments
github-actions commented
libsecp256k1 allows overflowing signatures
Details | |
---|---|
Package | libsecp256k1 |
Version | 0.3.5 |
URL | paritytech/libsecp256k1#67 |
Date | 2021-07-13 |
Patched versions | >=0.5.0 |
libsecp256k1 accepts signatures whose R or S parameter is larger than the
secp256k1 curve order, which differs from other implementations. This could
lead to invalid signatures being verified.
The error is resolved in 0.5.0 by adding a check_overflow
flag.
See advisory page for additional details.