CVE-2025-15444

A flaw was found in libsodium, a cryptographic library used for secure communication. When processing certain custom cryptographic data or untrusted inputs, the library's cryptocoreed25519isvalidpoint function incorrectly validates elliptic curve points. This oversight could allow an attacker to...

libsodium has Incomplete List of Disallowed Inputs

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory...