3 matches found
CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...
CVE-2026-23965
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...
CVE-2026-23965
CVE-2026-23965 affects the JavaScript library sm-crypto, which implements SM2/SM3/SM4. The issue lies in the SM2 signature verification logic in versions prior to 0.4.0. Under default configurations, an attacker can forge valid signatures for arbitrary public keys, enabling signature forgery. If ...