Nixpkgs security tracker
5.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): Low (L)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures with repeated (duplicate) hint indices. According to the ML-DSA specification (FIPS 204 / RFC 9881), hint indices within each polynomial must be **strictly increasing**. The current implementation uses a non-strict monotonic check (`<=` instead of `<`), allowing duplicate indices. This is a regression bug. The original implementation was correct, but a commit in version 0.0.4 inadvertently changed the strict `<` comparison to `<=`, introducing the vulnerability. Version 0.1.0-rc.4 fixes the issue.
References
-
https://github.com/RustCrypto/signatures/security/advisories/GHSA-5x2r-hc65-25f9 x_refsource_CONFIRM
-
https://github.com/RustCrypto/signatures/issues/894 x_refsource_MISC
-
https://github.com/RustCrypto/signatures/pull/895 x_refsource_MISC
-
https://csrc.nist.gov/pubs/fips/204/final x_refsource_MISC
-
https://datatracker.ietf.org/doc/html/rfc9881 x_refsource_MISC
-
https://github.com/C2SP/wycheproof x_refsource_MISC
Affected products
- ==>= 0.0.4, < 0.1.0-rc.4
Matching in nixpkgs
pkgs.python312Packages.ts1-signatures
TLS and HTTP signature and fingerprint library
-
nixos-unstable ts1-signatures-0-unstable-2024-08-10
- nixpkgs-unstable ts1-signatures-0-unstable-2024-08-10
- nixos-unstable-small ts1-signatures-0-unstable-2024-08-10
pkgs.python313Packages.ts1-signatures
TLS and HTTP signature and fingerprint library
-
nixos-unstable ts1-signatures-0-unstable-2024-08-10
- nixpkgs-unstable ts1-signatures-0-unstable-2024-08-10
- nixos-unstable-small ts1-signatures-0-unstable-2024-08-10
pkgs.perlPackages.MethodSignaturesSimple
Basic method declarations with signatures, without source filters
pkgs.haskellPackages.PartialTypeSignatures
emulate partial type signatures with template haskell
pkgs.perl538Packages.MethodSignaturesSimple
Basic method declarations with signatures, without source filters
pkgs.perl540Packages.MethodSignaturesSimple
Basic method declarations with signatures, without source filters
pkgs.python312Packages.http-message-signatures
Requests authentication module for HTTP Signature
pkgs.python313Packages.http-message-signatures
Requests authentication module for HTTP Signature
pkgs.haskellPackages.hasktorch-signatures-types
Core types for Hasktorch backpack signatures
pkgs.python312Packages.requests-http-message-signatures
Request authentication plugin implementing IETF HTTP Message Signatures
-
nixos-unstable -
- nixos-unstable-small 0.3.0
pkgs.python313Packages.requests-http-message-signatures
Request authentication plugin implementing IETF HTTP Message Signatures
-
nixos-unstable -
- nixos-unstable-small 0.3.0
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@GGG-KILLER GGG <github@ggg.dev>
-
@fricklerhandwerk Valentin Gagarin <valentin@fricklerhandwerk.de>
-
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
-
@wegank Weijia Wang <contact@weijia.wang>
-
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>