
12 matches found

RedHat Linux
added 2024/10/28 10:1 a.m., 4 views

elliptic: Missing Validation in Elliptic's EDDSA Signature Verification

A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order...

CVSS 9.1 | AI score 7.3 | EPSS 0.00507
Exploits 0 | References 6
RedHat Linux
added 2024/10/23 10:12 a.m., 8 views

elliptic: Missing Validation in Elliptic's EDDSA Signature Verification

A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order...

CVSS 9.1 | AI score 7.3 | EPSS 0.00507
Exploits 0 | References 6
Microsoft CVE
added 2024/10/16 7:0 a.m., 4 views

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.

...

CVSS 9.1 | AI score 7 | EPSS 0.00507
Exploits 0
RedhatCVE
added 2024/10/10 9:55 a.m., 26 views

CVE-2024-48949

A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order...

CVSS 8.2 | AI score 9.2 | EPSS 0.00507
Exploits 0 | References 5
OSV
added 2024/08/27 7:15 p.m., 2 views

DEBIAN-CVE-2024-1544

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n, where n is the order of the elliptic curve, meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

CVSS 4.9 | AI score 5.4 | EPSS 0.00349
Exploits 0 | References 1
RedHat Linux
added 2023/05/25 7:58 a.m., 4 views

golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecds...

CVSS 5.3 | AI score 6.6 | EPSS 0.00817
Exploits 0 | References 8
OSV
added 2023/03/08 8:15 p.m., 1 view

DEBIAN-CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

CVSS 5.3 | AI score 6.2 | EPSS 0.00817
Exploits 0 | References 1
SUSE CVE
added 2023/03/08 4:0 a.m., 1 view

SUSE CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

CVSS 7.4 | AI score 6.5 | EPSS 0.00817
Exploits 0 | References 13
OSV
added 2022/01/06 6:30 p.m., 8 views

GHSA-GP6J-VX54-5PMF Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme

Summary In the threshold signature scheme, participants start by dividing secrets into shares using a secret sharing scheme. The Verifiable Secret Sharing scheme generates shares from the user’s IDs but does not properly validate them. Using a malicious ID will make other users reveal their secre...

AI score 6.9
Exploits 0 | References 3
OSV
added 2021/08/25 8:56 p.m., 30 views

GHSA-G4VJ-X7V9-H82M Overflow in libsecp256k1

An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow...

CVSS 9.8 | AI score 9.3 | EPSS 0.00935
Exploits 1 | References 4
CNNVD
added 2021/08/08 12:0 a.m., 6 views

Rust data forgery vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the libsecp256k1 crate before 0.5.0, which stems from the libsecp256k1 crate allowing the R or S parameter of a signature to be greater than the curve order...

CVSS 9.8 | AI score 8.2 | EPSS 0.00935
Exploits 1 | References 2
OSV
added 2021/07/13 12:0 p.m., 41 views

RUSTSEC-2021-0076 libsecp256k1 allows overflowing signatures

libsecp256k1 accepts signatures whose R or S parameter is larger than the secp256k1 curve order, which differs from other implementations. This could lead to invalid signatures being verified. The error is resolved in 0.5.0 by adding a check_overflow flag...

CVSS 9.8 | AI score 9.3 | EPSS 0.00935
Exploits 1 | References 3
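The libsecp256k1 and elliptic entries above are one class of bug: a verifier that reduces signature components mod n instead of rejecting values outside [1, n-1], so r + n or s + n verifies exactly like r or s and every signature has a second valid encoding (which is what "differs from other implementations" costs a consensus system). The nistec entry is the related requirement that scalar multiplication give the same point for k and k mod n. The following is an added example, not code from elliptic, libsecp256k1 or Go's crypto/internal/nistec: a textbook ECDSA over secp256k1 in JavaScript BigInt whose verify can be run with or without the range check, plus the k versus k + n scalar identity as a test. The private key, message hash and nonce are constructed demo values; the curve constants are the published secp256k1 parameters.

```javascript
// Added example (not elliptic, libsecp256k1 or nistec code): minimal ECDSA over
// secp256k1 with BigInt, to show the signature component range check and the
// k*G == (k mod n)*G property. Educational only: affine, non-constant-time.

const P = (1n << 256n) - (1n << 32n) - 977n;  // secp256k1 field prime
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;  // group order n
const G = {
  x: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
  y: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
};

const mod = (a, m) => ((a % m) + m) % m;

function modPow(base, exp, m) {
  let result = 1n;
  base = mod(base, m);
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % m;
    base = (base * base) % m;
    exp >>= 1n;
  }
  return result;
}

// Inverse by Fermat's little theorem; both P and N are prime.
const modInv = (a, m) => modPow(a, m - 2n, m);

const isOnCurve = (pt) => pt !== null && mod(pt.y * pt.y - pt.x ** 3n - 7n, P) === 0n;
const pointEq = (a, b) => (a === null || b === null) ? a === b : (a.x === b.x && a.y === b.y);

// Affine group law on y^2 = x^3 + 7; null is the point at infinity.
function pointAdd(p1, p2) {
  if (p1 === null) return p2;
  if (p2 === null) return p1;
  let lam;
  if (p1.x === p2.x) {
    if (mod(p1.y + p2.y, P) === 0n) return null;            // p2 = -p1
    lam = mod(3n * p1.x * p1.x * modInv(2n * p1.y, P), P);  // doubling
  } else {
    lam = mod((p2.y - p1.y) * modInv(p2.x - p1.x, P), P);
  }
  const x3 = mod(lam * lam - p1.x - p2.x, P);
  return { x: x3, y: mod(lam * (p1.x - x3) - p1.y, P) };
}

// Double-and-add. The scalar is reduced mod N first, so k*G and (k + N)*G agree;
// an implementation that is fed unreduced scalars must still satisfy this identity.
function scalarMult(k, point) {
  k = mod(k, N);
  let result = null, addend = point;
  while (k > 0n) {
    if (k & 1n) result = pointAdd(result, addend);
    addend = pointAdd(addend, addend);
    k >>= 1n;
  }
  return result;
}

// Textbook ECDSA signing. The nonce k is passed in so the demo is deterministic;
// a real signer must draw k uniformly from [1, n-1] and never reuse it.
function sign(z, priv, k) {
  const r = mod(scalarMult(k, G).x, N);
  const s = mod(modInv(k, N) * (z + r * priv), N);
  return { r, s };
}

// ECDSA verification. With strict=false the range check is skipped: because
// everything downstream works mod N, r + N or s + N then verifies like r or s.
function verify(z, sig, pub, strict) {
  const { r, s } = sig;
  if (strict && (r < 1n || r >= N || s < 1n || s >= N)) return false;
  const w = modInv(s, N);
  const X = pointAdd(scalarMult(mod(z * w, N), G), scalarMult(mod(r * w, N), pub));
  return X !== null && mod(X.x, N) === mod(r, N);
}

// Constructed demo values (not from any advisory): private key, a "message hash"
// already reduced mod n, and a fixed nonce.
function demo() {
  const priv = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDDn;
  const z = 0x4B688DF40BCEDBE641DDB16FF0A1842D9C67EA1C3BF63F3E0471BAA664531D1An;
  const k = 0x7A1A7E52797FC8CAAA435D2A4DACE39158504BF204FBE19F14DBB427FAEE50AEn;
  const pub = scalarMult(priv, G);
  const sig = sign(z, priv, k);
  const overflowS = { r: sig.r, s: sig.s + N };  // same value mod n, outside [1, n-1]
  const overflowR = { r: sig.r + N, s: sig.s };
  return {
    pubOnCurve: isOnCurve(pub),
    validStrict: verify(z, sig, pub, true),
    overflowSLenient: verify(z, overflowS, pub, false),  // accepted: the bug
    overflowRLenient: verify(z, overflowR, pub, false),  // accepted: the bug
    overflowSStrict: verify(z, overflowS, pub, true),    // rejected
    overflowRStrict: verify(z, overflowR, pub, true),    // rejected
    tamperedRejected: !verify(z + 1n, sig, pub, true),   // a changed message fails
    scalarIdentity: pointEq(scalarMult(k + N, G), scalarMult(k, G)),
  };
}

console.log(demo());
```

Two checks worth porting to whatever library you actually use: feed it a known-good signature with s + n (and r + n) and confirm verification fails, and feed its scalar multiplication k and k + n and confirm the points agree. The first is what the libsecp256k1 0.5.0 check_overflow flag enforces; the second is the invariant the nistec entry reports being violated.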