26 matches found
EUVD-2022-55212
Malicious code in bioql PyPI...
EUVD-2025-29483
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-50237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation fo...
SUSE CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
CVE-2022-50237
A flaw was found in ed25519-dalek. The Keypair implementation allows an attacker to compute a private key by observing signatures generated with corresponding public keys. This public key signing function oracle attack does not require authentication. An unauthenticated attacker can extract the...
Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. Original Description The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair...
GHSA-G693-V3JR-8HCR Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. Original Description The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair...
CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
UBUNTU-CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
CVE-2022-50237
The CVE-2022-50237 entry concerns the ed25519-dalek Rust crate prior to version 2. The Keypair implementation enables a double public key signing function oracle attack, enabling an attacker to compute/extract a private key from signatures. Reported impact includes confidentiality loss; CVSSv3.1 ...
CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
ed25519-dalek crate 安全漏洞
ed25519-dalek crate is a Rust library from dalek cryptography open source. A security vulnerability exists in versions prior to ed25519-dalek crate 2, which stems from a dual public key signing function leading to private key extraction...
CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Impact The vulnerability, known as RUSTSEC-2022-0093, impacts the ed25519-dalek crate, which is a dependency of the rusty-paseto crate. This issue arises from a "Double Public Key Signing Function Oracle Attack" affecting versions of ed25519-dalek prior to v2.0. These versions expose an unsafe AP...
GHSA-J57R-4QW6-58R3 rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Impact The vulnerability, known as RUSTSEC-2022-0093, impacts the ed25519-dalek crate, which is a dependency of the rusty-paseto crate. This issue arises from a "Double Public Key Signing Function Oracle Attack" affecting versions of ed25519-dalek prior to v2.0. These versions expose an unsafe AP...
PT-2023-33034 · Unknown · Rusty-Paseto +1
Name of the Vulnerable Software and Affected Versions: ed25519-dalek versions prior to 2.0 rusty-paseto versions prior to 0.6.0 Description: The issue arises from a "Double Public Key Signing Function Oracle Attack" affecting the ed25519-dalek crate, which is a dependency of the rusty-paseto crat...
NT-anchor-spl (>=0.19.0 <=0.19.5), NT-anchor-spl-testnet (=0.19.2) +1606 more potentially affected by CVE-2022-50237 via ed25519-dalek (>=0.9.1 <=2.0.0-pre.0)
ed25519-dalek CARGO version =0.9.1, =0.19.0, =0.4.2, =0.2.0-beta.4, =0.1.0, =0.1.1, =0.1.0, =1.0.5, =0.0.0-alpha, =0.0.1-alpha.1, =0.5.0, =0.5.2, =0.8.0, =0.8.0, =0.8.9 and more Source cves: CVE-2022-50237 Source advisory: OSV:GHSA-W5VR-6QHR-36CC...
`ed25519-dalek` Double Public Key Signing Function Oracle Attack
Versions of ed25519-dalek prior to v2.0 model private and public keys as separate types which can be assembled into a Keypair, and also provide APIs for serializing and deserializing 64-byte private/public keypairs. Such APIs and serializations are inherently unsafe as the public key is one of th...
GHSA-W5VR-6QHR-36CC `ed25519-dalek` Double Public Key Signing Function Oracle Attack
Versions of ed25519-dalek prior to v2.0 model private and public keys as separate types which can be assembled into a Keypair, and also provide APIs for serializing and deserializing 64-byte private/public keypairs. Such APIs and serializations are inherently unsafe as the public key is one of th...