advisory-db/crates/cggmp21/RUSTSEC-2025-0129.md
2025-11-26 07:00:45 +01:00


[advisory]
id = "RUSTSEC-2025-0129"
package = "cggmp21"
date = "2025-11-24"
url = "https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained"
categories = ["crypto-failure"]
keywords = ["zk-proof"]
aliases = ["CVE-2025-66016", "GHSA-m95p-425x-x889"]

[versions]
patched = [">= 0.6.3"]

Missing check in ZK proof in CGGMP21 Threshold Signing Protocol

The vulnerability is a missing check in the ZK proof. It enables an attack in which a single malicious signer can reconstruct the full private key.

Patches

  • cggmp21 v0.6.3 is a patch release containing a fix that adds this specific missing check.
  • However, we recommend upgrading to cggmp24 v0.7.0-alpha.2 in which we've introduced many other security checks as a precaution. Follow the migration guidelines to upgrade.
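
One way to check a project for affected versions, as an added example that is not part of the advisory or the cggmp21 project: it scans Cargo.lock text for cggmp21 entries below the patched 0.6.3 release. The function names and the sample lockfile are constructed for illustration, and the comparison is a simplified semver precedence check.

```rust
// Added example: flag cggmp21 entries in a Cargo.lock that predate the patched release.
const PATCHED: (u64, u64, u64) = (0, 6, 3); // from the advisory: patched = [">= 0.6.3"]

/// Parse "MAJOR.MINOR.PATCH[-pre][+build]" into its numeric core and a pre-release flag.
fn parse_version(v: &str) -> Option<((u64, u64, u64), bool)> {
    let no_build = v.split('+').next()?;
    let (core, pre) = match no_build.split_once('-') {
        Some((c, _)) => (c, true),
        None => (no_build, false),
    };
    let mut it = core.split('.').map(|p| p.parse::<u64>());
    let triple = (it.next()?.ok()?, it.next()?.ok()?, it.next()?.ok()?);
    if it.next().is_some() {
        return None; // more than three numeric components: not a version we understand
    }
    Some((triple, pre))
}

/// Some(true) when the version is >= 0.6.3 by semver precedence. A pre-release of
/// 0.6.3 itself sorts below 0.6.3, so it counts as unpatched. None if unparseable.
fn is_patched(v: &str) -> Option<bool> {
    let (core, pre) = parse_version(v)?;
    Some(core > PATCHED || (core == PATCHED && !pre))
}

/// Return every cggmp21 version in the lockfile text that is unpatched or unparseable.
fn vulnerable_entries(lock: &str) -> Vec<String> {
    let mut found = Vec::new();
    let mut in_target = false;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false;
        } else if line == r#"name = "cggmp21""# {
            in_target = true;
        } else if let (true, Some(v)) = (in_target, line.strip_prefix("version = ")) {
            let v = v.trim_matches('"');
            if is_patched(v) != Some(true) {
                found.push(v.to_string());
            }
            in_target = false;
        }
    }
    found
}

fn main() {
    // Constructed sample lockfile fragment, not taken from a real project.
    let lock = "[[package]]\nname = \"cggmp21\"\nversion = \"0.6.2\"\n";
    for v in vulnerable_entries(lock) {
        println!("cggmp21 {} is affected by RUSTSEC-2025-0129; upgrade to >= 0.6.3", v);
    }
}
```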

References

Read our blog post to learn more.