CNNVD-202509-939 Information

CNNVD ID

CNNVD-202509-939

Related CVE

CVE-2025-58359

• CNNVD Published: 2025-09-05

Description (Chinese)

FROST是Zcash Foundation开源的一个Rust库。 FROST 2.0.0至2.1.0版本存在安全漏洞，该漏洞源于使用较小min_signers刷新共享会降低组安全性。

Description (English)

FROST is an open-source Rust library of Zcash Foundation. FROST Versions 2.0.0 to 2.1.0 contain a security loophole, which arises from the use of smaller min signers to refresh the sharing, which reduces group security.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Zcash Foundation

Published

2025-09-05

Last Modified

2026-02-24

References

https://github.com/ZcashFoundation/frost/commit/379ef689c733b3d9c80fd409071d4f3af4dafed2 https://github.com/ZcashFoundation/frost/releases/tag/frost-core%2Fv2.2.0 https://github.com/ZcashFoundation/frost/security/advisories/GHSA-wgq8-vr6r-mqxm

Patch

https://github.com/ZcashFoundation/frost/releases