Skip to content

Threshold value is ignored (all shares are n=3)

Low severity GitHub Reviewed Published Jun 17, 2022 to the GitHub Advisory Database • Updated Jan 12, 2023

Package

cargo shamir (Rust)

Affected versions

< 2.0.0

Patched versions

2.0.0

Description

Affected versions of this crate did not properly calculate secret shares requirements.

This reduces the security of the algorithm by restricting the crate to always
using a threshold value of three, rather than a configurable limit.

The flaw was corrected by correctly configuring the threshold.

References

Published to the GitHub Advisory Database Jun 17, 2022
Reviewed Jun 17, 2022
Last updated Jan 12, 2023

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-978j-88f3-p5j3

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.