327 matches found
CVE-2026-46654 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...
CVE-2026-46654
The CVE-2026-46654 issue affects Plonky3’s MultiField32Challenger in the prover transcript handling, where transcript malleability allows an attacker controlling prover-side observations to craft transcripts that yield identical challenges, breaking Fiat-Shamir binding. Root cause: a mismatch bet...
CVE-2026-46654 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...
Unity Linux 20.1050e / 20.1070e Security Update: ed25519-java (UTSA-2026-016772)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016772 advisory. The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential...
GHSA-VJ64-RJF3-W3V7 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
Impact - Key: challenger/src/multifieldchallenger.rs | MultiField32Challenger::duplexing | transcriptmalleability - Affected files: challenger/src/multifieldchallenger.rs, field/src/helpers.rs - Violated invariant: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed fiel...
PT-2026-42695
Name of the Vulnerable Software and Affected Versions Plonky3 versions prior to 0.4.3 Plonky3 versions prior to 0.5.3 Description An attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This...
Astra Linux – Vulnerability in Node-Elliptic
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
On the (Non-)Resilience of Encrypted Controllers to Covert Attacks
The security of networked control systems NCS is receiving increasing attention from both cyber-security and system-theoretic perspectives. The former focuses on classical IT security goals such as confidentiality, integrity, and availability of process data, while the latter investigates tailore...
StableLib Ed25519 Signature Malleability via Missing S < L Check
Ed25519 Signature Malleability via Missing S = L to prevent signature malleability. When S = L, SB = S mod LB = S - LB, meaning two different 32-byte S values produce the same verification result. An attacker who observes a valid signature R, S can produce a second valid signature R, S + L for th...
GHSA-X3FF-W252-2G7J StableLib Ed25519 Signature Malleability via Missing S < L Check
Ed25519 Signature Malleability via Missing S = L to prevent signature malleability. When S = L, SB = S mod LB = S - LB, meaning two different 32-byte S values produce the same verification result. An attacker who observes a valid signature R, S can produce a second valid signature R, S + L for th...
Linux Distros Unpatched Vulnerability : CVE-2026-33895
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accept...
CVE-2026-33895
A flaw was found in Forge also called node-forge, a JavaScript library used for Transport Layer Security TLS. The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...
CVE-2026-33895
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
CVE-2026-33895
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
UBUNTU-CVE-2026-33895
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
CVE-2026-33895
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...
Digital Bazaar Forge 数据伪造问题漏洞
Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it serves as an open-source tool for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 contained a data manipulation...