Lucene search
K

7 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained a security vulnerability. This vulnerability stemmed from the call to .unwrap during the delinearize function in Ed25519PublicKey::delinearize. When the public key was constructed...

4.3CVSS5.3AI score0.00231EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 11:46 p.m.23 views

CVE-2026-46542

CVE-2026-46542 affects Nimiq’s Rust implementation prior to v1.4.0, where Ed25519 public-key handling in multisig could cause a denial-of-service crash. The issue occurs because Ed25519PublicKey::delinearize() calls unwrap() on curve point decompression, panicking when a 32-byte input does not re...

4.3CVSS5.5AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:46 p.m.8 views

CVE-2026-46542 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...

4.3CVSS5.5AI score0.00231EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/21 7:45 p.m.20 views

nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/21 7:45 p.m.11 views

GHSA-H9CC-W26M-J342 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

EulerOS 2.0 SP13 : libsodium (EulerOS-SA-2026-1284)

According to the versions of the libsodium package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint,...

4.5CVSS5.9AI score0.00166EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.6 views

EulerOS 2.0 SP13 : libsodium (EulerOS-SA-2026-1248)

According to the versions of the libsodium package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint,...

4.5CVSS5.9AI score0.00166EPSS
Exploits0References2
Rows per page
Query Builder