CVE-2019-16143 – blake2

Package

Manager: cargo
Name: blake2
Vulnerable Version: >=0 <0.8.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00203 pctl0.42567

Details

Algorithms compute incorrect results in blake2 An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.

Metadata

Created: 2021-08-25T20:44:20Z
Modified: 2023-06-13T16:41:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-4x25-pvhw-5224/GHSA-4x25-pvhw-5224.json
CWE IDs: ["CWE-327"]
Alternative ID: GHSA-4x25-pvhw-5224
Finding: F052
Auto approve: 1