13 matches found
Medium: libsodium
Issue Overview: libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...
EulerOS 2.0 SP12 : libsodium (EulerOS-SA-2026-1401)
According to the versions of the libsodium package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint,...
Unity Linux 20.1060e / 20.1070e Security Update: libsodium (UTSA-2026-005358)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005358 advisory. libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for wheth...
OESA-2026-1100 libsodium security update
Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable6, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Security Fixes: libsodium...
OESA-2026-1097 libsodium security update
Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable6, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Security Fixes: libsodium...
RustCrypto: Elliptic Curves 输入验证错误漏洞
RustCrypto: Elliptic Curves is a Rust cryptographic library open-sourced by Rust Crypto. An input validation error vulnerability exists in RustCrypto: Elliptic Curves version 0.14.0-pre.0 and 0.14.0-rc.0, which stems from a failure to check for invalid elliptic curve points in the decryption path...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Sodium vulnerability (USN-7949-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7949-1 advisory. It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could...
USN-7949-1: Sodium vulnerability
It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could result in invalid points being used, contrary to expectations...
CVE-2025-15444
A flaw was found in libsodium, a cryptographic library used for secure communication. When processing certain custom cryptographic data or untrusted inputs, the library's cryptocoreed25519isvalidpoint function incorrectly validates elliptic curve points. This oversight could allow an attacker to...
libsodium has Incomplete List of Disallowed Inputs
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory...
ALPINE-CVE-2025-69277
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...
AZL-73376 CVE-2025-69277 affecting package libsodium for versions less than 1.0.18-7
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...
CVE-2025-69277
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...