CVE-2022-50237

Published: Jul 28, 2025Modified: Jul 29, 2025

5.9

Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitability: 1.4 / Impact: 4.0

Source: MITRE (Secondary)

Description

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key.

Related CWEs

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (3)

https://crates.io/crates/ed25519-dalek

Source: cve@mitre.org

https://github.com/MystenLabs/ed25519-unsafe-libs

Source: cve@mitre.org

https://rustsec.org/advisories/RUSTSEC-2022-0093.html

Source: cve@mitre.org

Timeline

No history available yet.