Constant-Time Operation Vulnerability in curve25519-dalek for Rust by Dalek Cryptography
CVE-2024-58262

2.9LOW

Key Information:

Vendor: Dalek-cryptography
Status: Curve25519-dalek
Vendor: CVE Published:; 27 July 2025

🔔 Create Dalek-cryptography Vulnerability Alert

What is CVE-2024-58262?

The curve25519-dalek crate for Rust prior to version 4.1.3 includes a vulnerability where a constant-time operation on elliptic curve scalars has been compromised by LLVM optimizations. This issue may expose applications utilizing this crate to timing attacks, potentially allowing attackers to gain sensitive information based on the execution time of operations. Developers using this library should upgrade to the latest version to ensure the integrity and security of their applications.

Affected Version(s)

curve25519-dalek 0 < 4.1.3

References

https://rustsec.org/advisories/RUSTSEC-2024-0344.html

https://github.com/dalek-cryptography/curve25519-dalek/pu...

https://crates.io/crates/curve25519-dalek

CVSS V3.1

Score:

2.9

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 27, 2025
Vulnerability Reserved
Jul 27, 2025