Количество 3
Количество 3
CVE-2026-4258
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.
CVE-2026-4258
All versions of the package sjcl are vulnerable to Improper Verificati ...
GHSA-2w8x-224x-785m
sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-4258 All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback. | CVSS3: 7.5 | 0% Низкий | 12 дней назад |
| CVE-2026-4258 All versions of the package sjcl are vulnerable to Improper Verificati ... | CVSS3: 7.5 | 0% Низкий | 12 дней назад |
| GHSA-2w8x-224x-785m sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey | CVSS3: 7.5 | 0% Низкий | 12 дней назад |
Уязвимостей на страницу