192 matches found
OESA-2026-2635 libsolv security update
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...
Important: libsolv
Issue Overview: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI...
TencentOS Server 4: libsolv (TSSA-2026:0423)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0423 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
PT-2026-37824
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...
Astra Linux – Vulnerability in Node-Elliptic
The verify function in lib/elliptic/eddsa/index.js within the Elliptic package, as of version 6.5.6 for Node.js, omits the validation of the condition “sig.S.gtesig.eddsa.curve.n || sig.S.isNeg”...
Improper Certificate Validation
Overview wolfssl is a None Affected versions of this package are vulnerable to Improper Certificate Validation. due to missing hash/digest size and OID checks in the certificate verification process. An attacker can bypass signature verification by providing digests smaller than allowed when...
UBUNTU-CVE-2026-5194
Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...
CVE-2026-5194
The CVE-2026-5194 issue concerns wolfSSL’s ECDSA certificate verification: missing hash/digest size and OID checks may allow digests smaller than allowed for the given key type to pass verification when EdDSA or ML-DSA is enabled. This could reduce security of ECDSA certificate-based authenticati...
CVE-2026-5194
Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...
CVE-2026-4115
A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...
UBUNTU-CVE-2026-4115
A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...
CVE-2026-4115
PuTTY 0.83 is affected by CVE-2026-4115 in the Ed25519 Signature Handler (eddsa_verify in crypto/ecc-ssh.c). The vulnerability causes improper verification of cryptographic signatures. Exploitation may be performed remotely, but the attack is described as high complexity with low exploitability. ...
CVE-2026-4115
A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...
CVE-2026-4115 PuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification
A vulnerability was detected in PuTTY 0.83. Affected is the function eddsaverify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be performed from remote. The attack requires a hi...
MiracleLinux 9 : bind-9.16.23-1.el9.1 (AXSA:2022-4081:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4081:05 advisory. bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly CVE-2022-3080 bind: memory leak in...
MiracleLinux 8 : bind-9.11.36-3.el8.1 (AXSA:2022-3874:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3874:03 advisory. bind: memory leak in ECDSA DNSSEC verification code CVE-2022-38177 bind: memory leaks in EdDSA DNSSEC verification code CVE-2022-38178 Tenable has...
GO-2025-4027 Gnark-crypto doesn't range check input values during ECDSA and EdDSA deserialization in github.com/consensys/gnark-crypto
Gnark-crypto doesn't range check input values during ECDSA and EdDSA deserialization in github.com/consensys/gnark-crypto...
GHSA-FR8M-434R-G3XP gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization
Impact During deserialization of ECDSA and EdDSA signatures gnark-crypto did not check that the values are in the range 1, n-1 with n being the corresponding modulus either base field modulus in case of R in EdDSA, and scalar field modulus in case of s,r in ECDSA and s in EdDSA. As this also...
gnark-crypto doesn't range check input values during ECDSA and EdDSA signature deserialization
During deserialization of ECDSA and EdDSA signatures gnark-crypto did not check that the values are in the range 1, n-1 with n being the corresponding modulus either base field modulus in case of R in EdDSA, and scalar field modulus in case of s,r in ECDSA and s in EdDSA. As this also allowed zer...
EUVD-2017-18457
Malware in sbrugna...