Lucene search
K

17 matches found

Cvelist
Cvelist
added 2026/06/09 11:46 p.m.33 views

CVE-2026-46542 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...

4.3CVSS0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/06 3:56 a.m.7 views

JLSEC-2026-575

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

8.1CVSS6.5AI score0.01607EPSS
Exploits0References12
OSV
OSV
added 2026/05/08 5:46 a.m.8 views

BIT-JRE-2025-0509 Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS5.8AI score0.00886EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/09 8:16 p.m.6 views

CVE-2026-5194

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

9.3CVSS5.8AI score0.00468EPSS
Exploits1References2
Friends Of PHP
Friends Of PHP
added 2025/12/30 12:0 a.m.10 views

Missing check that a point is on the prime subgroup for Edwards25519

More info at https://00f.net/2025/12/30/libsodium-vulnerability...

7AI score
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/15 6:57 p.m.2 views

EUVD-2025-34686

gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization...

6.5AI score
Exploits0References6
OSV
OSV
added 2025/08/29 2:52 p.m.4 views

GO-2025-3912 Gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks in github.com/consensys/gnark

Gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks in github.com/consensys/gnark...

9.1CVSS7AI score0.00198EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/22 7:54 p.m.3 views

CVE-2025-57801 gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...

8.6CVSS6.9AI score0.00198EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/04/30 12:0 a.m.4 views

Low Latency FPGA Implementation of Twisted Edward Curve Cryptography Hardware Accelerator over Prime Field

The performance of any elliptic curve cryptography hardware accelerator significantly relies on the efficiency of the underlying point multiplication PM architecture. This article presents a hardware implementation of field-programmable gate array FPGA based modular arithmetic, group operation, a...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/10/03 4:4 p.m.8 views

bind: memory leaks in EdDSA DNSSEC verification code

A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...

7.5CVSS7.2AI score0.02176EPSS
Exploits0References5
OSV
OSV
added 2022/09/29 6:41 p.m.10 views

CLSA-2022-1664476909 Fixed CVEs in bind: CVE-2022-38177, CVE-2022-38178, CVE-2022-2795

CVE-2022-2795: fix possible resolver performance degradation when processing large delegations - CVE-2022-38177: fix memory leak in ECDSA DNSSEC verification code - CVE-2022-38178: fix memory leak in EdDSA DNSSEC verification code...

7.5CVSS6.8AI score0.02299EPSS
Exploits0References1
OSV
OSV
added 2022/09/21 11:15 a.m.2 views

DEBIAN-CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

7.5CVSS7.7AI score0.02176EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.3 views

ISC BIND 数据伪造问题漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in BIND that originates from the use of a misformatted EdDSA signature that spoofs the target resolver, causing memory to crash due to insufficient resources. The...

7.5CVSS6.9AI score0.02176EPSS
Exploits0References25
RedHat Linux
RedHat Linux
added 2021/06/07 10:40 p.m.3 views

nettle: Out of bounds memory access in signature verification

A flaw was found in Nettle, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an...

8.1CVSS6.8AI score0.01607EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/04/14 8:35 p.m.2 views

nettle: Out of bounds memory access in signature verification

A flaw was found in Nettle, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an...

8.1CVSS6.8AI score0.01607EPSS
Exploits0References5
OSV
OSV
added 2021/04/05 10:15 p.m.3 views

UBUNTU-CVE-2021-20305

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

8.1CVSS6.6AI score0.01607EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2021/03/08 9:20 p.m.56 views

Newest Intel Side-Channel Attack Sniffs Out Sensitive Data

Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics...

0.3AI score
Exploits0References9
Rows per page
Query Builder