213 matches found
CVE-2026-22866
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check...
EUVD-2026-8679
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation...
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Impact: The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...
@ansdomain/react-ans-address (>=0.0.31 <=0.0.32), @ansdomain/ui (>=3.8.0 <=3.8.771) +108 more potentially affected by CVE-2026-22866 via @ensdomains/ens-contracts (>=0.0.10 <=1.2.2)
@ensdomains/ens-contracts NPM version =0.0.10, =0.0.31, =3.8.0, =0.3.0-alpha, =1.2.0, =0.0.1, =0.0.1, =2.1.7, =3.4.2, =0.0.1, =3.4.5, =3.0.0-alpha.3, =2.2.2, =1.0.0, =3.0.0-alpha.3 and more. Source CVEs: CVE-2026-22866. Source advisory: OSV:GHSA-C6RR-7PMC-73WC...
GHSA-C6RR-7PMC-73WC ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Impact: The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...
CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check...
PT-2026-21935
Name of the Vulnerable Software and Affected Versions: Ethereum Name Service (ENS) versions 1.6.2 and prior. Description: The RSASHA256Algorithm and RSASHA1Algorithm contracts do not properly validate PKCS#1 v1.5 padding when verifying RSA signatures. The contracts only verify the final 32 or 20 bytes ...
Malicious Package
Overview: ens-austt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2025-198976
Malicious code in @ensdomains/op-resolver-contracts (npm)...
EUVD-2025-198977
Malicious code in @ensdomains/ens-test-env (npm)...
MAL-2025-190932 Malicious code in @ensdomains/ens-test-env (npm)
Source: amazon-inspector (3393f85554fe6141b0f72e2f23d0940b102522348e71f60d407dc1471de8f6a9). The package @ensdomains/ens-test-env was found to contain malicious code. Source: ghsa-malware...
Malicious code in @ensdomains/ens-test-env (npm)
Source: amazon-inspector (3393f85554fe6141b0f72e2f23d0940b102522348e71f60d407dc1471de8f6a9). The package @ensdomains/ens-test-env was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190930 Malicious code in @ensdomains/durin (npm)
Source: amazon-inspector (a7dcacde55c5201c366d199c830f210e3b126c9d1569c7c9a169bf40f8a3e13f). The package @ensdomains/durin was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190931 Malicious code in @ensdomains/ens-contracts (npm)
Source: amazon-inspector (dee805b6610ec644c5edb2b73ca1d1da2119bb3280f182e716cfdd0aa31720fb). The package @ensdomains/ens-contracts was found to contain malicious code. Source: ghsa-malware...
Malicious code in @ensdomains/ens-contracts (npm)
Source: amazon-inspector (dee805b6610ec644c5edb2b73ca1d1da2119bb3280f182e716cfdd0aa31720fb). The package @ensdomains/ens-contracts was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198979
Malicious code in @ensdomains/ens-contracts (npm)...
@cartesi/rollups (=2.0.0-rc.3), @guidanoli/cmioc (>=0.1.4 <=0.2.1) +5 more potentially affected by unknown CVE via @ensdomains/ens-contracts (>=1.0.0 <=1.2.2)
@ensdomains/ens-contracts NPM version =1.0.0, =0.1.4, =0.1.5, =0.0.6, =0.0.4, =100.2.5-beta.0, =0.4.0, =0.9.0. Source CVEs: unknown CVE. Source advisory: OSV:MAL-2025-190931...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...