6 matches found
CVE-2026-5466
wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...
CVE-2026-5466
wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...
CVE-2026-5466
CVE-2026-5466 affects wolfSSL’s ECCSI verifier wc_VerifyEccsiHash, which decodes r and s without validating they lie in [1, q-1]. This could allow forging a signature to verify against any message for any identity using publicly-known constants. Connected docs confirm the root cause: missing sani...
PT-2026-31862
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description The ECCSI signature verifier wc VerifyEccsiHash in wolfSSL decodes the r and s scalars from the signature blob using mp read unsigned bin without verifying that these values fall within the...
PT-2023-8855 · Vim +6 · Vim +6
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.0.2108 Description: The issue is related to the use of large values for the :s command, which can exceed the capacity of a signed long variable, potentially leading to a crash. The impact is considered low, and user...
WordPress Virim Deserialization Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Virim plugin is used in one of the website social activity analysis plugin. Virim plugin 0.4 for WordPress allows unsafe deserializatio...