7 matches found
Nimiq 安全漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained a security vulnerability. This vulnerability stemmed from the call to .unwrap during the delinearize function in Ed25519PublicKey::delinearize. When the public key was constructed...
CVE-2026-46542
CVE-2026-46542 affects Nimiq’s Rust implementation prior to v1.4.0, where Ed25519 public-key handling in multisig could cause a denial-of-service crash. The issue occurs because Ed25519PublicKey::delinearize() calls unwrap() on curve point decompression, panicking when a 32-byte input does not re...
CVE-2026-46542 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...
nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...
GHSA-H9CC-W26M-J342 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...
EulerOS 2.0 SP13 : libsodium (EulerOS-SA-2026-1284)
According to the versions of the libsodium package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint,...
EulerOS 2.0 SP13 : libsodium (EulerOS-SA-2026-1248)
According to the versions of the libsodium package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint,...