Описание
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.0.18-2 |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | released | 1.0.18-1ubuntu0.22.04.1 |
| noble | released | 1.0.18-1ubuntu0.24.04.1 |
| plucky | released | 1.0.18-1ubuntu0.25.04.1 |
| questing | released | 1.0.18-1ubuntu0.25.10.1 |
| upstream | released | 1.0.18-2 |
Показывать по
EPSS
4.5 Medium
CVSS3
Связанные уязвимости
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
libsodium before ad3004e, in atypical use cases involving certain cust ...
libsodium has Incomplete List of Disallowed Inputs
EPSS
4.5 Medium
CVSS3