Add advisory for unambigious challenge derivation in cggmp21 (#2012)

2025-12-27 01:54:07 -05:00 · 2024-11-10 14:58:43 +01:00
parent b1254e85a8
commit 6c890708d5
3 changed files with 57 additions and 0 deletions
--- a/crates/cggmp21-keygen/RUSTSEC-0000-0000.md
+++ b/crates/cggmp21-keygen/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "cggmp21-keygen"
+date = "2024-07-18"
+url = "https://github.com/dfns/cggmp21/pull/103"
+categories = ["crypto-failure"]
+
+keywords = ["mpc", "tss", "zkp"]
+
+[versions]
+patched = [">= 0.3.0"]
+```
+
+# Ambiguous challenge derivation
+
+Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead
+to security vulnerability (however, it's unknown if it could be exploited).
--- a/crates/cggmp21/RUSTSEC-0000-0000.md
+++ b/crates/cggmp21/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "cggmp21"
+date = "2024-07-18"
+url = "https://github.com/dfns/cggmp21/pull/103"
+categories = ["crypto-failure"]
+
+keywords = ["mpc", "tss", "zkp"]
+
+[versions]
+patched = [">= 0.4.0"]
+```
+
+# Ambiguous challenge derivation
+
+Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead
+to security vulnerability (however, it's unknown if it could be exploited).
--- a/crates/paillier-zk/RUSTSEC-0000-0000.md
+++ b/crates/paillier-zk/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+
+package = "paillier-zk"
+date = "2024-07-18"
+url = "https://github.com/dfns/paillier-zk/pull/49"
+categories = ["crypto-failure"]
+
+keywords = ["mpc", "tss", "zkp"]
+
+[versions]
+patched = [">= 0.4.0"]
+```
+
+# Ambiguous challenge derivation
+
+Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead
+to security vulnerability (however, it's unknown if it could be exploited).