Vulnerability Report: GO-2022-1053

GHSA-x279-68rr-jp4p
Affects: github.com/supranational/blst
Published: Oct 18, 2022
Modified: May 20, 2024

Potential creation of an invalid signature from correct inputs. Some inputs to the blst_fp_eucl_inverse function can produce incorrect outputs. This could theoretically permit the creation of an invalid signature from correct inputs.

For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-x279-68rr-jp4p.

Affected Packages

Path

Go Versions

Symbols
github.com/supranational/blst/bindings/go

from v0.3.0 before v0.3.3

all symbols

Aliases

GHSA-x279-68rr-jp4p

References

https://github.com/advisories/GHSA-x279-68rr-jp4p
https://github.com/supranational/blst/commit/dd980e7f81397895705c49fcb4f52e485bb45e21
https://vuln.go.dev/ID/GO-2022-1053.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL