
18 matches found

Positive Technologies
added 2026/05/21 12:0 a.m. | 3 views

PT-2026-42628

Impact: A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap() on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

4.3 CVSS | 5.9 AI score
Exploits 0 | References 6
Amazon
added 2026/03/19 12:0 a.m. | 1 views

Medium: libsodium

Issue Overview: libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

4.5 CVSS | 5.9 AI score | 0.00005 EPSS
Exploits 0
Snyk
added 2026/02/24 12:34 a.m. | 2 views

Infinite loop

Overview: Magick.NET-Q16-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7 CVSS | 6 AI score | 0.00019 EPSS
Exploits 0 | References 2
OSV
added 2026/02/24 12:34 a.m. | 1 views

CVE-2026-24485 ImageMagick: Infinite loop vulnerability when parsing a PCD file

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the DecodeImage function becomes trapped in an infinite loop while searching for the Sync marker, causing...

7.5 CVSS | 5.5 AI score | 0.00019 EPSS
Exploits 0 | References 5
OSV
added 2026/02/17 8:34 a.m. | 2 views

SUSE-SU-2026:20448-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764)...

9.8 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 5
NVD
added 2026/01/10 6:15 a.m. | 3 views

CVE-2026-22699

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5 CVSS | 0.00186 EPSS
Exploits 1 | References 3
Vulnrichment
added 2026/01/10 5:17 a.m. | 1 views

CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5 CVSS | 6.7 AI score | 0.00186 EPSS
Exploits 1 | References 3
EUVD
added 2026/01/10 5:17 a.m. | 1 views

EUVD-2026-1875

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5 CVSS | 6.5 AI score | 0.00186 EPSS
Exploits 1 | References 3
Cvelist
added 2026/01/10 5:17 a.m. | 21 views

CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5 CVSS | 0.00186 EPSS
Exploits 1 | References 3
CVE
added 2026/01/10 5:17 a.m. | 10 views

CVE-2026-22699

RustCrypto: Elliptic Curves (RustCrypto SM2 PKE) suffers a denial-of-service vulnerability in the decryption path when an invalid EC point is decoded. Affected versions are 0.14.0-pre.0 and 0.14.0-rc.0; AffinePoint::from_encoded_point(&encoded_c1) may yield None, but the code unwraps it, causing ...

7.5 CVSS | 6.7 AI score | 0.00186 EPSS
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/01/10 12:0 a.m. | 5 views

PT-2026-2249

Name of the Vulnerable Software and Affected Versions: RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0. Description: The RustCrypto Elliptic Curves library provides general purpose Elliptic Curve Cryptography (ECC) support. A denial-of-service issue exists in the SM2 PKE decryption path where an...

7.5 CVSS | 6.6 AI score | 0.00186 EPSS
Exploits 1 | References 11
OSV
added 2026/01/09 10:35 p.m. | 3 views

GHSA-78P6-6878-8MJ6 SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

Summary: A denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied...

7.5 CVSS | 7 AI score | 0.00186 EPSS
Exploits 1 | References 5
Github Security Blog
added 2026/01/09 10:35 p.m. | 8 views

SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

Summary: A denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied...

7.5 CVSS | 7.2 AI score | 0.00186 EPSS
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2026/01/01 11:25 a.m. | 1 views

CVE-2025-69277

A flaw was found in libsodium. When processing untrusted data in specific cryptographic operations, the library's crypto_core_ed25519_is_valid_point function incorrectly validates elliptic curve points. This improper validation could allow an attacker to bypass security checks, potentially leading to ...

4.5 CVSS | 5.7 AI score | 0.00005 EPSS
Exploits 0 | References 7
EUVD
added 2025/12/31 6:30 a.m. | 0 views

EUVD-2025-205876

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

4.5 CVSS | 6.4 AI score | 0.00005 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2025/12/31 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-69277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for...

4.5 CVSS | 5.4 AI score | 0.00005 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/05/22 9:59 p.m. | 2 views

CVE-2022-44310

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

7.5 CVSS | 6.8 AI score | 0.00251 EPSS
Exploits 1 | References 1
OSV
added 2023/02/24 8:15 p.m. | 17 views

CVE-2022-44310

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

7.5 CVSS | 7.5 AI score
Exploits 0 | References 1