exploitDog

CVE-2026-5466

Опубликовано: 10 апр. 2026

Источник: nvd

EPSS Низкий

Описание

wolfSSL's ECCSI signature verifier wc_VerifyEccsiHash decodes the r and s scalars from the signature blob via mp_read_unsigned_bin with no check that they lie in [1, q-1]. A crafted forged signature could verify against any message for any identity, using only publicly-known constants.

Ссылки

https://github.com/wolfssl/wolfssl/pull/10102

EPSS

Процентиль: 1%

0.00011

Низкий

Дефекты

CWE-347

Связанные уязвимости

CVE-2026-5466

ubuntu

5 дней назад

wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants.

CVE-2026-5466

debian

5 дней назад

wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r ...

GHSA-47qf-hp3h-rwmm

github

5 дней назад

wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants.

EPSS

Процентиль: 1%

0.00011

Низкий

Дефекты

CWE-347