CVE-2022-50237

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.4 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://crates.io/crates/ed25519-dalek
https://github.com/MystenLabs/ed25519-unsafe-libs
https://rustsec.org/advisories/RUSTSEC-2022-0093.html

Configurations

No configuration.

History

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) El paquete ed25519-dalek para Rust anterior a la versión 2 permite un ataque de oráculo con doble firma de clave pública. La implementación de Keypair permite un cálculo simple para extraer una clave privada.

28 Jul 2025, 03:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9
CWE		CWE-497

28 Jul 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-28 02:15

Updated : 2025-07-29 14:14

NVD link : CVE-2022-50237

Mitre link : CVE-2022-50237

CVE.ORG link : CVE-2022-50237

JSON object : View

Products Affected

No product.

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

5.9 /10