6 matches found
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to use of P256 certificates. An attacker can evade blocklist enforcement by exploiting ECDSA signature malleability to generate a certificate with a different fingerprint, allowing us...
EUVD-2020-6103
Malware in sbrugna...
`Slip10Like` derivation method instantiated with certain curves may allow attacker to find derivation path which results into very long derivation (possible DoS)
Impact: The only users impacted are those who use hdwallet::Slip10Like or the slip10 derivation method instantiated with curves other than secp256k1 and secp256r1. The hdwallet crate used to provide the Slip10Like derivation method, which is also provided in the slip-10 crate as a default derivation method. It's based o...
GHSA-79RC-JJH6-RC89 PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
Impact: The server uses ECDH to calculate a shared secret for the symmetric encryption key used to encrypt network packets after logging in. ECDH requires that the keys used must both belong to the same elliptic curve. In Minecraft: Bedrock Edition, the curve used is secp384r1. Using any other cur...
Design/Logic Flaw
Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes ...
nettle security and bug fix update
2.7.1-8 - Use a cache-silent version of mpz_powm to prevent cache-timing attacks against RSA and DSA in shared VMs. 1364897, CVE-2016-6489 2.7.1-5 - Fixed SHA-3 implementation to conform to final standard 1252936 - Fixed CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 which caused issues in secp256r1 and...