| id: GO-2022-1053 |
| modules: |
| - module: github.com/supranational/blst |
| versions: |
| - introduced: 0.3.0 |
| fixed: 0.3.3 |
| vulnerable_at: 0.3.2 |
| packages: |
| - package: github.com/supranational/blst/bindings/go |
| summary: Incorrect signatures in github.com/supranational/blst |
| description: |- |
| Potential creation of an invalid signature from correct inputs. |
| |
| Some inputs to the blst_fp_eucl_inverse function can produce incorrect outputs. |
| This could theoretically permit the creation of an invalid signature from |
| correct inputs. |
| ghsas: |
| - GHSA-x279-68rr-jp4p |
| references: |
| - advisory: https://github.com/advisories/GHSA-x279-68rr-jp4p |
| - fix: https://github.com/supranational/blst/commit/dd980e7f81397895705c49fcb4f52e485bb45e21 |
| review_status: REVIEWED |