Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. Original Description The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair...

UBUNTU-CVE-2022-50237

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...

CVE-2022-50237

The CVE-2022-50237 entry concerns the ed25519-dalek Rust crate prior to version 2. The Keypair implementation enables a double public key signing function oracle attack, enabling an attacker to compute/extract a private key from signatures. Reported impact includes confidentiality loss; CVSSv3.1 ...

Double-signing Attack

github.com/strangelove-ventures/horcrux is vulnerable to a double-signing attack. The vulnerability is due to a race condition in signature state handling when two independent events occurring within the same microsecond, allowing unintended duplicate signatures and leads to unintended...

PT-2025-31036 · Unknown · Ed25519-Dalek

Name of the Vulnerable Software and Affected Versions: ed25519-dalek crate versions prior to 2 Description: The ed25519-dalek crate for Rust contains a flaw that allows a double public key signing function oracle attack. The Keypair implementation can lead to the extraction of a private key...