
15 matches found

OSV
added 2026/05/21 7:45 p.m., 5 views

GHSA-H9CC-W26M-J342 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

4.3 CVSS, 5.9 AI score
Exploits 0, References 5

NVD
added 2026/05/12 10:16 p.m., 4 views

CVE-2026-42545

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...

5.9 CVSS, 0.00052 EPSS
Exploits 0, References 1

Cvelist
added 2026/05/12 9:51 p.m., 28 views

CVE-2026-42545 Granian: DoS via WSGI response header panic

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...

5.9 CVSS, 0.00052 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/05/06 12:00 a.m., 6 views

PT-2026-38269

Name of the Vulnerable Software and Affected Versions Granian versions 0.2.0 through 2.7.3 Description Granian aborts a worker process when a WSGI application returns an invalid HTTP response header name or value. This occurs because the WSGI response conversion path utilizes .unwrap on both head...

5.9 CVSS, 5.8 AI score, 0.00052 EPSS
Exploits 0, References 7

RedhatCVE
added 2026/04/06 10:57 a.m., 0 views

CVE-2026-35468

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.historystore.historyindex.unwr...

7.5 CVSS, 5.9 AI score, 0.0002 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/04/03 10:10 p.m., 3 views

CVE-2026-35468

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.historystore.historyindex.unwr...

5.3 CVSS, 5.9 AI score, 0.0002 EPSS
Exploits 0, References 5, Affected Software 1

EUVD
added 2026/04/03 10:10 p.m., 2 views

EUVD-2026-18929

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.historystore.historyindex.unwr...

5.3 CVSS, 5.9 AI score, 0.0002 EPSS
Exploits 0, References 4

Cvelist
added 2026/04/03 10:10 p.m., 14 views

CVE-2026-35468 nimiq/core-rs-albatross: Panic in history index request handlers when a full node runs without the history index

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.historystore.historyindex.unwr...

5.3 CVSS, 0.0002 EPSS
Exploits 0, References 4

CVE
added 2026/04/03 10:10 p.m., 4 views

CVE-2026-35468

CVE-2026-35468 affects the Rust implementation nimiq/core-rs-albatross. Before version 1.3.0, two peer-facing consensus request handlers assume the history index is always available and call blockchain.history_store.history_index().unwrap() directly. HistoryStoreProxy::history_index() returns Non...

7.5 CVSS, 5.9 AI score, 0.0002 EPSS
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/04/03 12:00 a.m., 3 views

PT-2026-30255

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history store.history...

5.3 CVSS, 5.9 AI score, 0.0002 EPSS
Exploits 0, References 5

RedhatCVE
added 2026/01/13 10:52 p.m., 1 view

CVE-2026-22699

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5 CVSS, 7 AI score, 0.00186 EPSS
Exploits 1, References 1

NVD
added 2026/01/10 6:15 a.m., 3 views

CVE-2026-22699

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5 CVSS, 0.00186 EPSS
Exploits 1, References 3

EUVD
added 2026/01/10 5:17 a.m., 1 view

EUVD-2026-1875

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5 CVSS, 6.5 AI score, 0.00186 EPSS
Exploits 1, References 3

CVE
added 2026/01/10 5:17 a.m., 10 views

CVE-2026-22699

RustCrypto: Elliptic Curves (RustCrypto SM2 PKE) suffers a denial-of-service vulnerability in the decryption path when an invalid EC point is decoded. Affected versions are 0.14.0-pre.0 and 0.14.0-rc.0; AffinePoint::from_encoded_point(&encoded_c1) may yield None, but the code unwraps it, causing ...

7.5 CVSS, 6.7 AI score, 0.00186 EPSS
Exploits 1, References 3, Affected Software 1

Positive Technologies
added 2025/12/14 12:00 a.m., 3 views

PT-2025-51146

Name of the Vulnerable Software and Affected Versions Sequoia versions prior to 2.1.0 Description A flaw exists in Sequoia that, when provided with a short ciphertext during the aes key unwrap process, causes a panic. An attacker can exploit this to cause an application crash by sending a special...

5.3 CVSS, 6.4 AI score, 0.00166 EPSS
Exploits 0, References 12