CVE-2021-45696

EUVD-2022-0580
An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
sha2_projectsha2
0.9.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rust-sha2
bookworm
0.10.5-1
fixed
bullseye
0.9.2-2
fixed
sid
0.10.8-1
fixed
trixie
0.10.8-1
fixed
Common Weakness Enumeration
References
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/sha2/RUSTSEC-2021-0100.md
https://rustsec.org/advisories/RUSTSEC-2021-0100.html
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/sha2/RUSTSEC-2021-0100.md
https://rustsec.org/advisories/RUSTSEC-2021-0100.html