Headline

GHSA-p53j-g8pw-4w5f: Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.

15 hours ago

ghsa

Open in Source

#vulnerability #java #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-q298-375f-5q63: Snowflake JDBC Driver client-side encryption key in DEBUG logs

2 hours ago

ghsa

GHSA-hm54-fg2w-2g6j: MODX allows cross-site scripting (XSS) via an SVG file

3 hours ago

ghsa

GHSA-h2rp-8vpx-q9r4: cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002)

5 hours ago

ghsa

GHSA-p53j-g8pw-4w5f: Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check

15 hours ago

ghsa

GHSA-qxp5-gwg8-xv66: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

23 hours ago

ghsa