73 matches found
Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
CVE-2025-47392
Memory corruption when decoding corrupted satellite data files with invalid signature offsets...
EUVD-2025-209230
Memory corruption when decoding corrupted satellite data files with invalid signature offsets...
CVE-2025-47392
Memory corruption when decoding corrupted satellite data files with invalid signature offsets...
CVE-2025-47392 Integer Overflow or Wraparound in GPS
Memory corruption when decoding corrupted satellite data files with invalid signature offsets...
PT-2026-30638
Memory corruption when decoding corrupted satellite data files with invalid signature offsets...
CVE-2026-4601
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...
CVE-2026-4601
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...
PT-2026-27057
Name of the Vulnerable Software and Affected Versions jsrsasign versions prior to 11.1.1 Description The jsrsasign package, versions prior to 11.1.1, contains a flaw in the DSA signing implementation, specifically within the KJUR.crypto.DSA.signWithMessageHash process. This issue allows an attack...
ROS-20260310-73-0040
A vulnerability in the signature verification functions GOST DSA, EDDSA and ECDSA of the Nettle library is related to flaws in the cryptographic algorithms used. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by entering an invalid signature...
EUVD-2018-5861
Malware in sbrugna...
EUVD-2021-1711
Malware in sbrugna...
EUVD-2024-3484
Malicious code in bioql PyPI...
EUVD-2024-3178
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-17596
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack...
CVE-2025-49600
In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...
CVE-2025-49600
In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...
CVE-2024-54140
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...
CVE-2021-38195
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...
CVE-2018-13927
Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...