```toml
[advisory]
id = "RUSTSEC-2021-0076"
package = "libsecp256k1"
date = "2021-07-13"
url = "https://github.com/paritytech/libsecp256k1/pull/67"
categories = ["crypto-failure"]
aliases	= ["CVE-2021-38195", "GHSA-g4vj-x7v9-h82m"]

[versions]
patched = [">= 0.5.0"]
```

# libsecp256k1 allows overflowing signatures

libsecp256k1 accepts signatures whose R or S parameter is larger than the
secp256k1 curve order, which differs from other implementations. This could
lead to invalid signatures being verified.

The error is resolved in 0.5.0 by adding a `check_overflow` flag.