data/reports/GO-2022-1053.yaml - vulndb - Git at Google

 id: GO-2022-1053
 modules:
     - module: github.com/supranational/blst
       versions:
         - introduced: 0.3.0
           fixed: 0.3.3
       vulnerable_at: 0.3.2
       packages:
         - package: github.com/supranational/blst/bindings/go
 summary: Incorrect signatures in github.com/supranational/blst
 description: |-
     Potential creation of an invalid signature from correct inputs.

     Some inputs to the blst_fp_eucl_inverse function can produce incorrect outputs.
     This could theoretically permit the creation of an invalid signature from
     correct inputs.
 ghsas:
     - GHSA-x279-68rr-jp4p
 references:
     - advisory: https://github.com/advisories/GHSA-x279-68rr-jp4p
     - fix: https://github.com/supranational/blst/commit/dd980e7f81397895705c49fcb4f52e485bb45e21
	id: GO-2022-1053
	modules:
	- module: github.com/supranational/blst
	versions:
	- introduced: 0.3.0
	fixed: 0.3.3
	vulnerable_at: 0.3.2
	packages:
	- package: github.com/supranational/blst/bindings/go
	summary: Incorrect signatures in github.com/supranational/blst
	description: \|-
	Potential creation of an invalid signature from correct inputs.

	Some inputs to the blst_fp_eucl_inverse function can produce incorrect outputs.
	This could theoretically permit the creation of an invalid signature from
	correct inputs.
	ghsas:
	- GHSA-x279-68rr-jp4p
	references:
	- advisory: https://github.com/advisories/GHSA-x279-68rr-jp4p
	- fix: https://github.com/supranational/blst/commit/dd980e7f81397895705c49fcb4f52e485bb45e21