[advisory]
id = "RUSTSEC-2019-0026"
package = "sodiumoxide"
aliases = ["CVE-2019-25002", "GHSA-wrvc-72w7-xpmj"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
date = "2019-10-11"
keywords = ["cryptography"]
url = "https://github.com/sodiumoxide/sodiumoxide/pull/381"
[affected.functions]
"sodiumoxide::crypto::generichash::Digest::eq" = ["< 0.2.5, >= 0.2.0"]
"sodiumoxide::crypto::generichash::Digest::ne" = ["< 0.2.5, >= 0.2.0"]
[versions]
patched = [">= 0.2.5"]
PartialEq implementation for generichash::Digest has compared itself to itself.
Digest::eq always returns true and Digest::ne always returns false.