data/reports/GO-2022-1053.yaml - vulndb - Git at Google

 modules:
   - module: github.com/supranational/blst
     versions:
       - introduced: 0.3.0
         fixed: 0.3.3
     vulnerable_at: 0.3.2
     packages:
       - package: github.com/supranational/blst/bindings/go
 summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
 description: |-
     Potential creation of an invalid signature from correct inputs.

     Some inputs to the blst_fp_eucl_inverse function can produce incorrect
     outputs. This could theoretically permit the creation of an invalid
     signature from correct inputs.
 ghsas:
   - GHSA-x279-68rr-jp4p
 references:
   - advisory: https://github.com/advisories/GHSA-x279-68rr-jp4p
   - fix: https://github.com/supranational/blst/commit/dd980e7f81397895705c49fcb4f52e485bb45e21
	modules:
	- module: github.com/supranational/blst
	versions:
	- introduced: 0.3.0
	fixed: 0.3.3
	vulnerable_at: 0.3.2
	packages:
	- package: github.com/supranational/blst/bindings/go
	summary: 'TODO(https://go.dev/issue/56443): fill in summary field'
	description: \|-
	Potential creation of an invalid signature from correct inputs.

	Some inputs to the blst_fp_eucl_inverse function can produce incorrect
	outputs. This could theoretically permit the creation of an invalid
	signature from correct inputs.
	ghsas:
	- GHSA-x279-68rr-jp4p
	references:
	- advisory: https://github.com/advisories/GHSA-x279-68rr-jp4p
	- fix: https://github.com/supranational/blst/commit/dd980e7f81397895705c49fcb4f52e485bb45e21