4 matches found
CVE-2025-52884
CVE-2025-52884 (RISC Zero Ethereum) affects the risc0-ethereum project: prior to versions 2.1.1 and 2.2.0, the Solidity library function Steel.validateCommitment incorrectly returns true for a crafted commitment with a digest value of zero. This violates the semantics of validateCommitment, a...
Use Of A Cryptographic Primitive With A Risky Implementation
postquantumfeldmanvss is vulnerable to Use of a Cryptographic Primitive with a Risky Implementation. The vulnerability is due to ineffective redundancy checks and timing leaks, allowing an attacker to bypass security mechanisms, extract secret polynomial coefficients, and manipulate commitment...
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`
Description: The `secure_redundant_execution` function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist: 1. Python's execution environment cannot guarantee true isolation between...
Use of a Cryptographic Primitive with a Risky Implementation
Overview: PostQuantum-Feldman-VSS is a Post-Quantum Secure Feldman's Verifiable Secret Sharing (VSS) in Python. Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation due to inadequate countermeasures in `secure_redundant_execution`. An attacker c...