{"id":"RUSTSEC-2021-0076","summary":"libsecp256k1 allows overflowing signatures","details":"libsecp256k1 accepts signatures whose R or S parameter is larger than the\nsecp256k1 curve order, which differs from other implementations. This could\nlead to invalid signatures being verified.\n\nThe error is resolved in 0.5.0 by adding a `check_overflow` flag.","aliases":["CVE-2021-38195","GHSA-g4vj-x7v9-h82m"],"modified":"2023-11-08T04:06:26.227511Z","published":"2021-07-13T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/libsecp256k1"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0076.html"},{"type":"WEB","url":"https://github.com/paritytech/libsecp256k1/pull/67"}],"affected":[{"package":{"name":"libsecp256k1","ecosystem":"crates.io","purl":"pkg:cargo/libsecp256k1"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.5.0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0076.json","cvss":null,"informational":null,"categories":["crypto-failure"]}}],"schema_version":"1.7.3"}