CVE-2022-50237 | THREATINT

Description

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key.

PUBLISHED Reserved 2025-07-28 | Published 2025-07-28 | Updated 2025-07-28 | Assigner mitre

MEDIUM: 5.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status

unaffected

Any version before 2

affected

References

rustsec.org/advisories/RUSTSEC-2022-0093.html

github.com/MystenLabs/ed25519-unsafe-libs

crates.io/crates/ed25519-dalek

cve.org (CVE-2022-50237)

nvd.nist.gov (CVE-2022-50237)

Download JSON