2 matches found
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
GHSA-Q67F-28XG-22RW Forge has signature forgery in Ed25519 due to missing S > L check
Summary Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify OpenSSL-backed rejects the S + L variant, as defined by the...