GHSA-978j-88f3-p5j3: Threshold value is ignored (all shares are n=3)

June 17, 2022

Affected versions of this crate did not properly calculate secret shares requirements.

This reduces the security of the algorithm by restricting the crate to always using a threshold value of three, rather than a configurable limit.

The flaw was corrected by correctly configuring the threshold.

References

github.com/Nebulosus/shamir
github.com/Nebulosus/shamir/issues/3
github.com/advisories/GHSA-978j-88f3-p5j3
rustsec.org/advisories/RUSTSEC-2020-0160.html

Code Behaviors & Features

Detect and mitigate GHSA-978j-88f3-p5j3 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →