GHSA-434V-X5QV-PMH6 libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure

The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...

DEBIAN-CVE-2024-2881

Fault Injection vulnerability in wced25519signmsg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...

UBUNTU-CVE-2024-2881

Fault Injection vulnerability in wced25519signmsg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...

WolfSSL 安全漏洞

wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in WolfSSL version 5.6.6, which can be exploited by remote attackers to disclose information and elevate privileges via a...

PT-2024-40180 · Unknown · @Nfid/Embed Sdk +2

Name of the Vulnerable Software and Affected Versions: @nfid/embed SDK versions prior to 0.10.1-alpha.6 @dfinity/auth-client versions prior to 1.0.1 @dfinity/identity versions prior to 1.0.1 Description: The issue affects user sessions in the @nfid/embed SDK that utilize Ed25519 keys, due to a...

CVE-2024-1631

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

CVE-2024-1631

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

SUSE-SU-2022:3730-1 Security update for python-paramiko

This update for python-paramiko fixes the following issues: Updated to version 2.4.3: - CVE-2018-1000805: Fixed authentication bypass bsc1111151. Bugfixes: - Fixed Ed25519 key handling for certain key comment lengths bsc1200603...

SUSE SLED15 / SLES15 Security Update : libssh2_org (SUSE-SU-2020:3551-1)

This update for libssh2org fixes the following issues : Version update to 1.9.0: bsc1178083, jscSLE-16922 Enhancements and bugfixes : - adds ECDSA keys and host key support when using OpenSSL - adds ED25519 key and host key support when using OpenSSL 1.1.1 - adds OpenSSH style key file reading -...