18 matches found

RedhatCVE
added 2026/06/03 7:32 p.m., 7 views

CVE-2026-45614

A flaw was found in OP-TEE Trusted Execution Environment. This vulnerability allows a local attacker to reconstruct the private key by providing approximately 30-40 specially crafted public keys during the Elliptic Curve Diffie-Hellman (ECDH) shared secret generation. The system fails to verify if...

CVSS 4.7 | AI score 5.7 | EPSS 0.00096
Exploits 1 | References 2
Vulnrichment
added 2026/05/01 12:00 a.m., 5 views

CVE-2026-37554

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not...

CVSS 7.5 | AI score 5.8 | EPSS 0.0035
Exploits 0 | References 5
OSV
added 2026/02/12 4:04 p.m., 5 views

SUSE-SU-2026:0482-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in the crypto_core_ed25519_is_valid_point function (bsc#1255764)...

CVSS 9.8 | AI score 5.5 | EPSS 0.00228
Exploits 0 | References 5
OSV
added 2026/01/16 11:59 a.m., 3 views

OESA-2026-1100 libsodium security update

Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Security Fixes: libsodium...

CVSS 4.5 | AI score 6.9 | EPSS 0.00166
Exploits 0 | References 2
OpenVAS
added 2026/01/12 12:00 a.m., 1 views

Mageia: Security Advisory (MGASA-2026-0004)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 4.5 | AI score 6.5 | EPSS 0.00166
Exploits 0 | References 4
Positive Technologies
added 2025/01/01 12:00 a.m., 5 views

PT-2025-54285

Name of the Vulnerable Software and Affected Versions: libsodium versions prior to ad3004e. Description: The software mishandles checks for the validity of elliptic curve points in specific, unusual scenarios. This occurs when custom cryptography or untrusted data is used with the crypto core ed2551...

CVSS 4.5 | AI score 6.5 | EPSS 0.00166
Exploits 0 | References 82
OSV
added 2023/12/11 3:30 p.m., 20 views

GO-2023-2380 Private key recovery via invalid curve point in github.com/ecies/go/v2

An attacker may be able to recover private keys due to a bug in the ECDH function. The library does not check whether the provided public key is on the curve, which means that an attacker can create a public key that is not on the curve and use it to recover the private key. A workaround is to...

CVSS 4.9 | AI score 4.8 | EPSS 0.00335
Exploits 1 | References 3
Github Security Blog
added 2023/12/05 11:30 p.m., 28 views

github.com/ecies/go vulnerable to possible private key restoration

Impact: If functions Encapsulate, Decapsulate and ECDH could be called by an attacker, he could recover any private key that he interacts with. Patches: Patched in v2.0.8. Workarounds: You could manually check the public key by calling the IsOnCurve function from secp256k1 libraries. References...

CVSS 4.9 | AI score 6.8 | EPSS 0.00335
Exploits 1 | References 6 | Affected Software 1
Veracode
added 2023/12/05 6:19 a.m., 20 views

Private Key Restoration

github.com/ecies/go is vulnerable to Private Key Restoration. The vulnerability arises due to the Encapsulate and Decapsulate functions, which allow an attacker to possibly recover the private key due to an Invalid Curve Point...

CVSS 4.9 | AI score 6.8 | EPSS 0.00335
Exploits 1 | References 4 | Affected Software 1
SUSE CVE
added 2023/02/15 4:12 a.m., 2 views

SUSE CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499...

CVSS 8.1 | AI score 7 | EPSS 0.03566
Exploits 0 | References 11
RedHat Linux
added 2019/05/13 5:02 a.m., 5 views

freeradius: eap-pwd: authentication bypass via an invalid curve attack

A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. The highest threat from this vulnerability is to data confidentiality and...

CVSS 9.8 | AI score 7.3 | EPSS 0.03566
Exploits 0 | References 4
RedHat Linux
added 2019/05/09 3:21 p.m., 3 views

freeradius: eap-pwd: authentication bypass via an invalid curve attack

A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. The highest threat from this vulnerability is to data confidentiality and...

CVSS 9.8 | AI score 7.3 | EPSS 0.03566
Exploits 0 | References 4
OSV
added 2019/04/22 11:29 a.m., 1 views

DEBIAN-CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499...

CVSS 9.8 | AI score 7.2 | EPSS 0.03566
Exploits 0 | References 1
OSV
added 2019/04/22 11:29 a.m., 2 views

ALPINE-CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499...

CVSS 9.8 | AI score 7 | EPSS 0.03566
Exploits 0 | References 1
Into the symmetry
added 2017/08/09 11:59 a.m., 272 views

CVE-2017-7781/CVE-2017-10176: Issue with elliptic curve addition in mixed Jacobian-affine coordinates in Firefox/Java

tl;dr Firefox and Java suffered from a moderate vulnerability affecting the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, where it can yield a result of POINT_AT_INFINITY when it should not. Introduction: A few months ago I was working on a vulnerability affecting th...

CVSS 7.5 | AI score 7.7 | EPSS 0.05034
Exploits 1
Kaspersky
added 2017/08/08 12:00 a.m., 111 views

KLA11082 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, privilege escalation, spoof user interface, bypass security restrictions, obtain sensitive information and execute arbitrary code. Below is...

CVSS 10 | AI score 10 | EPSS 0.13697
Exploits 25 | References 5
RedHat Linux
added 2014/08/14 4:44 a.m., 5 views

openssl: race condition in ssl_parse_serverhello_tlsext

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execut...

CVSS 6.8 | AI score 6.9 | EPSS 0.13359
Exploits 0 | References 5
OSV
added 2014/08/13 11:55 p.m., 1 views

DEBIAN-CVE-2014-3509

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have...

CVSS 6.8 | AI score 7.5 | EPSS 0.13359
Exploits 0 | References 1