CVE-2024-58262

Summary

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

Affected Software

VendorProductVersion RangeStatus
dalek-cryptographycurve25519-dalek0 < 4.1.3affected

Weaknesses

  • CWE-733: CWE-733 Compiler Optimization Removal or Modification of Security-critical Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References