Constant-Time Operation Vulnerability in curve25519-dalek for Rust by Dalek Cryptography
CVE-2024-58262

5.1MEDIUM

Key Information:

Vendor: Dalek-cryptography
Status: Curve25519-dalek
Vendor: CVE Published:; 27 July 2025

🔔 Create Dalek-cryptography Vulnerability Alert

What is CVE-2024-58262?

The curve25519-dalek crate for Rust prior to version 4.1.3 includes a vulnerability where a constant-time operation on elliptic curve scalars has been compromised by LLVM optimizations. This issue may expose applications utilizing this crate to timing attacks, potentially allowing attackers to gain sensitive information based on the execution time of operations. Developers using this library should upgrade to the latest version to ensure the integrity and security of their applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

curve25519-dalek 0 < 4.1.3

References

https://rustsec.org/advisories/RUSTSEC-2024-0344.html

https://github.com/dalek-cryptography/curve25519-dalek/pu...

https://crates.io/crates/curve25519-dalek

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 27, 2025
Vulnerability Reserved
Jul 27, 2025

JSON

Dalek-cryptography

What is CVE-2024-58262?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.