Lucene search
+L

43 matches found

EUVD
EUVD
added yesterday8 views

EUVD-2026-44842

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...

7.5CVSS6.2AI score0.00801EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-50721

A flaw was found in Libreswan's implementation of IKEv1 authentication via raw RSA signatures. When processing an IKEv1 packet using PKCS 1 v1.5 RSA encryption, the RSAauthenticatehashsignaturerawrsa function fails to properly validate the length of the authentication hash. A remote,...

8.1CVSS6AI score0.00392EPSS
Exploits0References6
OSV
OSV
added 2026/06/11 4:55 p.m.7 views

MGASA-2026-0197 Updated gnupg2 packages fix security vulnerabilities

CVE-2025-68973, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. CVE-2026-24882, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC key...

8.4CVSS7.3AI score0.00447EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40092

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

7.5CVSS5.6AI score0.00626EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 10:16 p.m.27 views

CVE-2026-40092

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

7.5CVSS0.00626EPSS
Exploits0References4
CVE
CVE
added 2026/05/20 9:16 p.m.25 views

CVE-2026-40092

Summary: In Nimiq’s Rust-based stack, versions ≤ 1.3.0 of the nimiq-blockchain component are vulnerable to a crafted Kademlia DHT record containing a TaggedSigned with a signature field not exactly 64 bytes. When a victim node processes the record, the Ed25519 signature is parsed via Ed25519Signa...

7.5CVSS5.9AI score0.00626EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/20 9:16 p.m.46 views

CVE-2026-40092 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

7.5CVSS0.00626EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/20 9:16 p.m.7 views

CVE-2026-40092 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

7.5CVSS5.9AI score0.00626EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.15 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from malicious network peer nodes publishing specially crafted Kademlia DHT records where the length of the signature field is...

7.5CVSS5.8AI score0.00626EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/15 4:31 p.m.12 views

nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

7.5CVSS6AI score0.00626EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/15 4:31 p.m.24 views

GHSA-27W2-87XV-37C6 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

7.5CVSS6AI score0.00626EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/01/27 7:16 p.m.6 views

CVE-2026-24883

In GnuPG before 2.5.17, a long signature packet length causes parsesignature to return success with sig-data set to a NULL value, leading to a denial of service application crash...

5.5CVSS5.9AI score0.00447EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:43 p.m.5 views

CVE-2026-24883

In GnuPG before 2.5.17, a long signature packet length causes parsesignature to return success with sig-data set to a NULL value, leading to a denial of service application crash...

3.7CVSS5.9AI score0.00447EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-16058

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the pamp11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this trigge...

7.5CVSS7.1AI score0.01526EPSS
Exploits0References2
Yubico
Yubico
added 2025/02/17 12:0 a.m.51 views

YSA-2025-02 | Yubico

A low severity issue has been identified in YubiKeys versions 5.4.1 through 5.7.3 in the FIDO CTAP PIN/UV Auth Protocol Two implementation. These YubiKey versions use the 16 byte signature length from CTAP PIN/UV Auth Protocol One during the verification step, even when the 32 byte CTAP PIN/UV Au...

2.2CVSS7AI score0.00115EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/10/30 4:6 a.m.4 views

SUSE CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS9.5AI score0.00302EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/08/08 7:46 p.m.21 views

CVE-2024-42459

A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn't properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues. Mitigation Mitigation fo...

5.3CVSS5.2AI score0.00302EPSS
Exploits1References4
OSV
OSV
added 2024/08/02 9:31 a.m.4 views

GHSA-F7Q4-PWC6-W24P Elliptic's EDDSA missing signature length check

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

6.9CVSS6.7AI score0.00302EPSS
Exploits1References6
NVD
NVD
added 2024/08/02 7:16 a.m.19 views

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS0.00302EPSS
Exploits1References2
OSV
OSV
added 2024/08/02 7:16 a.m.3 views

DEBIAN-CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS6.7AI score0.00302EPSS
Exploits1References1
Rows per page
Query Builder