4 matches found

NVD
added 2026/01/08 9:15 p.m., 4 views

CVE-2025-14505

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979, https://datatracker.ietf.org/doc/html/rfc6979) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

CVSS: 5.6 | EPSS: 0.00009
Exploits: 0 | References: 2
CNNVD
added 2026/01/08 12:0 a.m., 4 views

Elliptic Security Vulnerability

Elliptic is a fast elliptic curve cryptographic library in JavaScript by the individual developer Fedor Indutny. A security vulnerability exists in Elliptic 6.6.1 and earlier versions, which stems from a miscalculation of the k-value in the ECDSA implementation and could lead to key disclosure...

CVSS: 5.6 | AI score: 6.3 | EPSS: 0.00009
Exploits: 0 | References: 2
OPENSUSE Linux
added 2018/06/14 12:7 p.m., 91 views

Security update for bouncycastle (moderate)

This update for bouncycastle to version 1.59 fixes the following issues:

These security issues were fixed:

- CVE-2017-13098: BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...

CVSS: 4.3 | AI score: 1.1 | EPSS: 0.68141
Exploits: 0 | References: 11
CNVD
added 2018/06/06 12:0 a.m., 1 views

Bouncy Castle JCE Provider Information Disclosure Vulnerability

Bouncy Castle JCE Provider is a Java-based encryption package. A security vulnerability exists in the generation of DSA signatures in Bouncy Castle JCE Provider 1.55 and earlier versions. An attacker can exploit this vulnerability to obtain information about the k-value of the signature, and thus...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00802
Exploits: 0 | References: 1