27 matches found
Medium: libsodium
Issue Overview: libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...
Medium: libsodium
Issue Overview: libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...
EulerOS Virtualization 2.12.1 : libsodium (EulerOS-SA-2026-1438)
According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...
EulerOS Virtualization 2.12.0 : libsodium (EulerOS-SA-2026-1495)
According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...
SUSE-SU-2026:0482-1 Security update for libsodium
This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764...
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Sodium vulnerability (USN-7949-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7949-1 advisory. It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could...
USN-7949-1 libsodium vulnerability
It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could result in invalid points being used, contrary to expectations...
USN-7949-1: Sodium vulnerability
It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could result in invalid points being used, contrary to expectations...
libsodium 安全漏洞
libsodium is a cryptographic software library by the individual developer Frank Denis. A security vulnerability exists in libsodium, which stems from the inclusion of a vulnerable version of libsodium that could lead to improper validation of elliptic curve points...
AZL-73341 CVE-2025-69277 affecting package libsodium for versions less than 1.0.19-2
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...
CVE-2025-69277
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...
libsodium 安全漏洞
libsodium is a cryptographic software library from the individual developer Frank Denis. A security vulnerability exists in previous versions of libsodium ad3004e, which stems from mishandling of elliptic curve point validity checking, which may allow points that are not part of the main crypto...
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
PT-2022-15770 · Unknown · Sweet B Library
Name of the Vulnerable Software and Affected Versions: Sweet B library affected versions not specified Description: The issue arises from an incorrect choice of sign bit when compressing or decompressing elliptic curve points using the Sweet B library. An attacker with user-level privileges can...
CVE-2021-26408
The CVE-2021-26408 issue affects AMD SEV-legacy firmware, where insufficient validation of elliptic curve points during SEV-legacy guest migration could lead to loss of guest integrity or confidentiality. This is rooted in inadequate point validation within SEV-legacy firmware. According to the c...
SUSE: Security Advisory (SUSE-SU-2019:1086-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : freeradius-server (openSUSE-2020-542)
This update for freeradius-server fixes the following issues : Security issues fixed : - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points bsc1132549. - CVE-2019-11234: Fixed an authentication bypass caused by...
openSUSE: Security Advisory for freeradius-server (openSUSE-SU-2020:0542-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for freeradius-server (important)
openSUSE Security Update: Security update for freeradius-server Announcement ID: openSUSE-SU-2020:0542-1 Rating: important References: 1132549 1132664 Cross-References: CVE-2019-11234 CVE-2019-11235 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available...