nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

PT-2026-42628

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

PT-2026-42670

Name of the Vulnerable Software and Affected Versions Nimiq versions prior to 1.4.0 Description A denial-of-service issue exists in the Ed25519 multisig delinearization code path. The function Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs uses .unwrap during curve point decompression,...

Malicious Package

Overview chain-desktop-wallet is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

MAL-2022-1871 Malicious code in chain-desktop-wallet (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebe75ae0b2025c921761ebe7d9192327868b9176ee783a1bf225bc7066ec648f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in chain-desktop-wallet (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebe75ae0b2025c921761ebe7d9192327868b9176ee783a1bf225bc7066ec648f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...