CVE-2025-14547 EC-JPAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs
An integer underflow vulnerability is present in Silicon Labs’ implementation of the PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service...
CVE-2025-14547
CVE-2025-14547 : An integer underflow in Silicon Labs’ PSA Crypto and SE Manager EC‑JPAKE APIs during ZKP parsing can trigger a hard fault, causing a temporary denial of service. Affected: Silicon Labs PSA Crypto and SE Manager EC‑JPAKE APIs. Root cause: integer underflow during ZKP parsing. Impa...
PT-2026-21016
Name of the Vulnerable Software and Affected Versions: Silicon Labs PSA Crypto and SE Manager (affected versions not specified). Description: An integer underflow issue exists in the EC-JPAKE APIs during ZKP parsing within Silicon Labs’ PSA Crypto and SE Manager implementation. Exploitation o...
Silicon Labs Gecko SDK and Silicon Labs Simplicity SDK security vulnerability
The Silicon Labs Gecko SDK (GSDK) and Silicon Labs Simplicity SDK are both open-source products from Silicon Labs. The Silicon Labs Gecko SDK is a library that combines the Silicon Labs wireless software development kit (SDK) with the Gecko platform into an integrated software package. The Silicon La...
LINEture: Novel Signature Cryptosystem
We propose a novel digital signature cryptosystem that exploits the concept of the brute-force problem. To ensure the security of the cryptosystem, we employed several mechanisms: sharing a common secret for factorable permutations, associating permutations with the message being signed, and...
CVE-2025-66016
CGGMP24 is a state-of-the-art ECDSA TSS protocol that supports 1-round signing (requiring 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full...
cggmp21 has a missing check in the ZK proof used in CGGMP21
Impact: cggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full private key. Patches: cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, cggmp21 recommends upgrading to...
GHSA-M95P-425X-X889 cggmp21 has a missing check in the ZK proof used in CGGMP21
Impact: cggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full private key. Patches: cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, cggmp21 recommends upgrading to...
CVE-2025-66016
CGGMP24 (ECDSA TSS) CVE-2025-66016 concerns a missing check in the ZK proof in CGGMP21 that could allow a single malicious signer to reconstruct the full private key. The issue is described across multiple sources: prior to version 0.6.3, the missing check enabled the attack; a patch exists in v0...
CVE-2025-66016 CGGMP24 is missing a check in the ZK proof used in CGGMP21
CGGMP24 is a state-of-the-art ECDSA TSS protocol that supports 1-round signing (requiring 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full...
cggmp21 data forgery vulnerability
cggmp21 is a Rust library open-sourced by Lockness. A data forgery vulnerability exists in cggmp21 versions prior to 0.6.3; it stems from a missing check in the ZK proof that could let a malicious signer reconstruct the full private key...
Missing check in ZK proof in CGGMP21 Threshold Signing Protocol
The vulnerability concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full private key. Patches: cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...
RUSTSEC-2025-0130 Missing check in ZK proof in CGGMP21 Threshold Signing Protocol
The vulnerability concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full private key. Patches: cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...
EUVD-2025-19064
Malicious code in bioql PyPI...
EUVD-2022-33901
Malicious code in bioql PyPI...
PT-2025-34495
Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.14.0. Description: gnark is a zero-knowledge proof system framework. The Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleabili...
Fair Data Exchange with Constant-Time Proofs
The Fair Data Exchange (FDE) protocol introduced at CCS 2024 offers atomic pay-per-file transfers with constant-size proofs, but its prover and verifier runtimes still scale linearly with the file length n. We collapse these costs to essentially constant by viewing the file as a rate-1 Reed-Solomon...
CVE-2022-29566
The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue...
ZkVC: Fast Zero-Knowledge Proof for Private and Verifiable Computing
Whitepaper called ZkVC: Fast Zero-Knowledge Proof For Private And Verifiable Computing...
CVE-2024-38533 ZKsync Era invalid stack addressing conversion
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Invalid stack access is possible because the addresses used to access the stack were not properly converted to cells. This issue has been patched in version 1.5.0...