Wrong exception thrown in removed Java bindings #948

issue darkverbito opened this issue on June 4, 2021
  1. darkverbito commented at 4:45 pm on June 4, 2021: none
  2. real-or-random commented at 5:07 pm on June 4, 2021: contributor

    Yes, the order of the checks should be reversed.

    But:

    1. I don’t see how this is a security vulnerability. It will throw a NullPointerException instead of an AssertFailException but that’s per se not a security issue.

    2. This code is not in our repo. The Java bindings have been removed more than a year ago, see #682. Maybe you want to report this at the repo mentioned there but please don’t call it a vulnerability and create unnecessary attention.

    edit: Let me add that we prefer that (potential) vulnerabilities are disclosed privately. We have contact information here: https://github.com/bitcoin-core/secp256k1/blob/master/SECURITY.md

  3. real-or-random closed this on Jun 4, 2021

  4. real-or-random renamed this:
    Security Vulnerability - null pointer dereference
    Wrong exception thrown in removed Java bindings
    on Jun 4, 2021
  5. darkverbito commented at 5:12 pm on June 4, 2021: none
    Thanks for the update!

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-23 04:15 UTC