38 matches found
SUSE-SU-2026:2575-1 Security update for libsolv, libzypp, zypper
This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in libsolv repoaddsolv via negative maxsize from crafted .solv file bsc1265935. - CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512...
Important: libsolv
Issue Overview: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI...
CVE-2026-4115
PuTTY 0.83 is affected by CVE-2026-4115 in the Ed25519 Signature Handler (eddsa_verify in crypto/ecc-ssh.c). The vulnerability causes improper verification of cryptographic signatures. Exploitation may be performed remotely, but the attack is described as high complexity with low exploitability. ...
EUVD-2022-40774
Malicious code in bioql PyPI...
ABB M2M Gateway Memory Leak in embedded Bind (CVE-2022-38178)
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. This plugin only works with Tenable.ot. Please visit...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the xengineVerify method in EdDSAEngine.java, which does not comply with RFC 8032 specifications for signature maleability. An attacker can create new valid signatures different from...
SUSE CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
RHEL 8 : grafana (RHSA-2024:8507)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8507 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: elliptic: Missing...
Important: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.4.6 security updates and bug fixes
Multicluster Engine for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
elliptic: Missing Validation in Elliptic's EDDSA Signature Verification
A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.11.3 bug fixes and container updates
Red Hat Advanced Cluster Management for Kubernetes 2.11.3 General Availability release images, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...
CVE-2024-48949
A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order. Mitigation Mitigation...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-42459)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42459 advisory. - In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing...
CVE-2024-2881 Fault Injection of EdDSA signature in WolfCrypt
Fault Injection vulnerability in wced25519signmsg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...
CVE-2024-42459
A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn't properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues. Mitigation Mitigation fo...
Elliptic's EDDSA missing signature length check
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...