```toml [advisory] id = "RUSTSEC-2021-0076" package = "libsecp256k1" date = "2021-07-13" url = "https://github.com/paritytech/libsecp256k1/pull/67" categories = ["crypto-failure"] aliases = ["CVE-2021-38195", "GHSA-g4vj-x7v9-h82m"] [versions] patched = [">= 0.5.0"] ``` # libsecp256k1 allows overflowing signatures libsecp256k1 accepts signatures whose R or S parameter is larger than the secp256k1 curve order, which differs from other implementations. This could lead to invalid signatures being verified. The error is resolved in 0.5.0 by adding a `check_overflow` flag.