CVE-2024-58262

MEDIUM EPSS 4.8%
Published Jul 27, 202511mo ago ยท Modified Jun 17, 20262w ago
5.1 CVSS 3.1
Medium
Find Similar
Published Jul 27, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago

Description

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

CVSS Details

Base Score
5.1
Exploitability
1.4
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector Local
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-733

Affected Products 1

VendorProductVersionRange
dalekcurve25519-dalek* <4.1.3

References 3

  • crates.io https://crates.io/crates/curve25519-dalek
    Product
  • github.com https://github.com/dalek-cryptography/curve25519-dalek/pull/659
    Issue TrackingPatch
  • rustsec.org https://rustsec.org/advisories/RUSTSEC-2024-0344.html
    Third Party Advisory

Remediation

  • github.com https://github.com/dalek-cryptography/curve25519-dalek/pull/659
    Issue TrackingPatch