Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-58262

Good to know:

icon

Date: July 26, 2025

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

Severity Score

Related Resources (7)

https://nvd.nist.gov/vuln/detail/CVE-2024-58262
https://crates.io/crates/curve25519-dalek
https://rustsec.org/advisories/RUSTSEC-2024-0344.html
https://github.com/dalek-cryptography/curve25519-dalek
https://github.com/dalek-cryptography/curve25519-dalek/commit/415892acf1cdf9161bd6a4c99bc2f4cb8fae5e6a
https://github.com/dalek-cryptography/curve25519-dalek/pull/659
https://www.mend.io/vulnerability-database/CVE-2024-58262

Severity Score

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Compiler Optimization Removal or Modification of Security-critical Code

CWE-733

Top Fix

icon

Upgrade Version

Upgrade to version curve25519-dalek - 4.1.3;https://github.com/dalek-cryptography/curve25519-dalek.git - curve25519-4.1.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us