What is CVE-2024-58262?

CVE-2024-58262 is a low-severity vulnerability in Dalek-cryptography Curve25519-dalek, classified under CWE-733. CVSS score: 2.9/10. Published 2025-07-27.

How severe is CVE-2024-58262?

Low severity. CVSS v3 base score is 2.9 out of 10.

Vulnerability in Dalek-cryptography Curve25519-dalek

CVE-2024-58262

The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

EPSS: 0.001 (23.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.9 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Dalek-cryptography Curve25519-dalek — versions 0

Weakness classification (CWE)

CWE-733

References

rustsec.org/advisories/RUSTSEC-2024-0344.html
github.com/dalek-cryptography/curve25519-dalek/pull/659
crates.io/crates/curve25519-dalek

Frequently asked questions

What is CVE-2024-58262?: CVE-2024-58262 is a low-severity vulnerability in Dalek-cryptography Curve25519-dalek, classified under CWE-733. CVSS score: 2.9/10. Published 2025-07-27.
How severe is CVE-2024-58262?: Low severity. CVSS v3 base score is 2.9 out of 10.