blob: 37c3f88342240d09087c00a83f8394b6f55d53b7 [file] [log] [blame]
id: GO-2022-1053
modules:
- module: github.com/supranational/blst
versions:
- introduced: 0.3.0
fixed: 0.3.3
vulnerable_at: 0.3.2
packages:
- package: github.com/supranational/blst/bindings/go
summary: Incorrect signatures in github.com/supranational/blst
description: |-
Potential creation of an invalid signature from correct inputs.
Some inputs to the blst_fp_eucl_inverse function can produce incorrect outputs.
This could theoretically permit the creation of an invalid signature from
correct inputs.
ghsas:
- GHSA-x279-68rr-jp4p
references:
- advisory: https://github.com/advisories/GHSA-x279-68rr-jp4p
- fix: https://github.com/supranational/blst/commit/dd980e7f81397895705c49fcb4f52e485bb45e21
review_status: REVIEWED