Lucene search
K

26 matches found

Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.4 views

Network Impact of Post-Quantum Certificate Chain Sizes on Time to First Byte in TLS Deployments

Post-Quantum Cryptography PQC is a rapidly growing deployment challenge as cryptographically relevant quantum computers CRQC continue to advance, leaving traditional cryptographic algorithms used in X.509 vulnerable to attack. However, PQC introduces significant deployment challenges in real-worl...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/05 12:0 a.m.1 views

Merkle Tree Certificate Post-Quantum PKI for Kubernetes and Cloud-Native 5G/B5G Core

Post-quantum signature schemes such as ML-DSA-65 produce signatures of 3,309 bytes and public keys of 1,952 bytes over 50 times larger than classical Ed25519. In TLS-authenticated environments like Kubernetes control planes and 5G Core networks, where every inter-component connection is mutually...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/02 4:52 p.m.10 views

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.3 views

ShieldMMU: Detecting and Defending against Controlled-Channel Attacks in Shielding Memory System

Intel SGX and hypervisors isolate non-privileged programs from other software, ensuring confidentiality and integrity. However, side-channel attacks continue to threaten Intel SGX's security, enabling malicious OS to manipulate PTE present bits, induce page faults, and steal memory access traces...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/07/04 11:21 p.m.3 views

SUSE CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

4.9CVSS7.5AI score0.00125EPSS
Exploits0References3
OSV
OSV
added 2025/07/04 3:15 p.m.3 views

DEBIAN-CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

4.9CVSS5.6AI score0.00125EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/08/23 9:20 p.m.6 views

Malicious code in oz-merkle-tree (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 732a4768703da4c9eb31465258c2df9b93dcfcf2811b78c72b62d9dbf9b10053 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/08/23 9:20 p.m.4 views

MAL-2024-10100 Malicious code in oz-merkle-tree (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 732a4768703da4c9eb31465258c2df9b93dcfcf2811b78c72b62d9dbf9b10053 The package is designed to exfiltrate basic data, like hostname and OS details, as well as collect information about the stacktrace it's imported from. ---...

6.8AI score
Exploits0References1
Code423n4
Code423n4
added 2023/07/07 12:0 a.m.16 views

The merkle tree might be revoked again after being used to claim rewards.

Lines of code Vulnerability details Impact The merkle tree might be revoked again after being used to claim rewards. Proof of Concept The governor can revoke the merkle tree using revokeTree. function revokeTree external onlyGovernorOrGuardian if disputer != address0 revert UnresolvedDispute;...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/07 12:0 a.m.10 views

ONLY THE LAST DISPUTE IS CONSIDERED UNRESOLVED IN THE Distributor CONTRACT

Lines of code Vulnerability details Impact The Distributor.disputeTree function is used to freeze the Merkle tree update until the dispute is resolved. This is done by setting the disputer state variable to msg.sender. disputeTree is an external function which can be called by anyone by providing...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/07 12:0 a.m.10 views

Poor detection of disputed trees allows claiming tokens from a disputed tree

Lines of code Vulnerability details Targets Impact Users can claim rewards from a Merkle tree that's being disputed. This can potentially lead to loss of funds since a malicious trusted EOA can claim funds from a malicious tree while it's being disputed. Proof of Concept The...

6.7AI score
Exploits0
Veracode
Veracode
added 2023/06/26 7:28 a.m.19 views

Improper Input Validation

@openzeppelin/contracts and @openzeppelin/contracts-upgradeable are vulnerable to Improper Input Validation. If a contract uses multiproofs for verification and the merkle tree processing includes a node with value 0 at depth 1, then the contract may be insecure. Balanced trees with three or fewe...

5.9CVSS6.8AI score0.00371EPSS
Exploits0References4Affected Software2
Github Security Blog
Github Security Blog
added 2023/06/19 7:46 p.m.37 views

OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

Impact When the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for...

5.9CVSS6.7AI score0.00371EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2023/06/16 11:15 p.m.18 views

CVE-2023-34459

OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, procesprocessMultiProof, or processMultiProofCalldat functions are in use, it is possible to construct merkle trees that...

5.9CVSS5.4AI score0.00371EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/06/16 10:13 p.m.26 views

CVE-2023-34459 OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, procesprocessMultiProof, or processMultiProofCalldat functions are in use, it is possible to construct merkle trees that...

5.3CVSS5.9AI score0.00371EPSS
Exploits0References3
CVE
CVE
added 2023/06/16 10:13 p.m.93 views

CVE-2023-34459

OpenZeppelin Contracts (versions 4.7.0–4.9.1) are affected by a multiproof forgery issue when using verifyMultiProof/verifyMultiProofCalldata/processMultiProof/processMultiProofCalldata. If the merkle tree includes a node with value 0 at depth 1 under the root, a adversarial or certain benign tre...

5.9CVSS5.3AI score0.00371EPSS
Exploits0References3Affected Software2
Code423n4
Code423n4
added 2022/12/18 12:0 a.m.12 views

Groupbuy: Construction of merkle tree allows some unintended IDs to be bought

Lines of code Vulnerability details Impact In GroupBuy.purchase, when no proof is provided, it is required that the provided token ID is equal to the stored merkleRoot: if purchaseProof.length == 0 // Hashes tokenId to verify merkle root if proof is empty if bytes32tokenId != merkleRoot revert...

6.7AI score
Exploits0
OSV
OSV
added 2022/11/21 8:38 p.m.29 views

GHSA-672P-M5JQ-MRH8 Insufficient Verification of Proofs generated by the immudb server in client SDK.

Impact In certain scenario a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list o...

5.4CVSS5AI score0.00384EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/11/21 8:38 p.m.27 views

Insufficient Verification of Proofs generated by the immudb server in client SDK.

Impact In certain scenario a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and requires the client to perform a specific list o...

5.4CVSS5.3AI score0.00384EPSS
Exploits1References9Affected Software1
Code423n4
Code423n4
added 2022/10/10 12:0 a.m.15 views

Incorrect implementation of the MerkleVerifier.sol library

Lines of code Vulnerability details Impact The MerkleVerifier results in an incorrect verification of the Merkle Tree. Description Using a simple test case from and deploying the contracts with MerkleVerifier.sol. We can see that the results differs when attempting to verify the Merkle Tree. Test...

6.7AI score
Exploits0
Rows per page
Query Builder