Wrong exception thrown in removed Java bindings #948

issue darkverbito openend this issue on June 4, 2021
  1. darkverbito commented at 4:45 pm on June 4, 2021: none
  2. real-or-random commented at 5:07 pm on June 4, 2021: contributor

    Yes, the order of the checks should be reversed.

    But:

    1. I don’t see how this is a security vulnerability. It will throw a NullPointerException instead of an AssertFailException but that’s per se not a security issue.

    2. This code is not in our repo. The Java bindings haven been removed more than a year ago, see #682. Maybe you want to report this at the repo mentioned there but please don’t call it a vulnerability and create unnecessary attention.

    edit: Let me add that we prefer that (potential) vulnerabilities are disclosed privately. We have contact information here: https://github.com/bitcoin-core/secp256k1/blob/master/SECURITY.md

  3. real-or-random closed this on Jun 4, 2021

  4. real-or-random renamed this:
    Security Vulnerability - null pointer dereference
    Wrong exception thrown in removed Java bindings
    on Jun 4, 2021
  5. darkverbito commented at 5:12 pm on June 4, 2021: none
    Thanks for the update!

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-30 05:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me