blob: dbc9f8df184e268a7b97e088b474a308a7ad4b5c [file] [log] [blame]
id: GO-2022-1053
modules:
- module: github.com/supranational/blst
versions:
- introduced: 0.3.0
- fixed: 0.3.3
vulnerable_at: 0.3.2
packages:
- package: github.com/supranational/blst/bindings/go
summary: Incorrect signatures in github.com/supranational/blst
description: |-
Potential creation of an invalid signature from correct inputs.
Some inputs to the blst_fp_eucl_inverse function can produce incorrect outputs.
This could theoretically permit the creation of an invalid signature from
correct inputs.
ghsas:
- GHSA-x279-68rr-jp4p
references:
- advisory: https://github.com/advisories/GHSA-x279-68rr-jp4p
- fix: https://github.com/supranational/blst/commit/dd980e7f81397895705c49fcb4f52e485bb45e21
review_status: REVIEWED