7 matches found
OESA-2026-2637 libsolv security update
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...
node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures
A flaw was found in Forge also called node-forge, a JavaScript library used for Transport Layer Security TLS. The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...
CVE-2026-33895
A flaw was found in Forge also called node-forge, a JavaScript library used for Transport Layer Security TLS. The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...
UBUNTU-CVE-2026-33895
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
EUVD-2021-1561
Malware in sbrugna...
ALPINE-CVE-2022-38178
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
GHSA-4Q4X-67HX-5MPG Failure to properly verify ed25519 signatures in libp2p-core
Affected versions of this crate did not properly verify ed25519 signatures. Any signature with a correct length was considered valid. This allows an attacker to impersonate any node identity...