Submission #774687: GitHub tinyssh 20250501 Cryptographic Issues

Title: GitHub tinyssh 20250501 Cryptographic Issues
Description: A signature malleability vulnerability was identified in tinyssh (up to the latest version at the time of reporting) due to an incomplete implementation of the Ed25519 verification logic. The software fails to strictly validate the range of the scalar S during signature verification, as mandated by RFC 8032. Specifically, the implementation does not check whether S is within the canonical range [0, L), where L is the order of the base point. An attacker can craft a non-canonical signature by adding multiples of L to the scalar S, which will still be accepted as valid by the affected versions of tinyssh. While this does not directly lead to private key recovery, it allows for signature malleability, which can be exploited in protocols relying on signature uniqueness or to bypass certain security checks in downstream applications.
Source: ⚠️ https://github.com/janmojzis/tinyssh/issues/101
User: pythok (UID 95793)
Submission: 07/03/2026 01:12 PM (2 months ago)
Moderation: 21/03/2026 04:10 PM (14 days later)
Status: Accepted
VulDB Entry: 352358 [janmojzis tinyssh up to 20250501 Ed25519 Signature crypto_sign_ed25519_tinyssh.c weak authentication]
Points: 20
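
The range check the description says is missing, written out as an added example; it is not tinyssh's code or its fix. The function names are hypothetical, the signature layout R || S (32 bytes each, little-endian) follows RFC 8032, and the test values in `main` are constructed and exercise only the range check, not full verification.

```c
#include <string.h>

/* Group order L = 2^252 + 27742317777372353535851937790883648493,
 * stored little-endian, the same byte order Ed25519 uses for S. */
static const unsigned char ED25519_L[32] = {
    0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
    0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};

/* Hypothetical helper: returns 1 if 0 <= S < L, otherwise 0.
 * S is public signature data, so an early return leaks nothing secret. */
int ed25519_s_is_canonical(const unsigned char s[32])
{
    /* Compare from the most significant byte (index 31) downwards. */
    for (int i = 31; i >= 0; i--) {
        if (s[i] < ED25519_L[i]) return 1;
        if (s[i] > ED25519_L[i]) return 0;
    }
    return 0; /* S == L is outside [0, L) */
}

/* Hypothetical wrapper: a verifier would call this before any curve
 * arithmetic and reject the signature when it returns 0. */
int ed25519_sig_has_canonical_s(const unsigned char sig[64])
{
    return ed25519_s_is_canonical(sig + 32); /* S is the second half */
}

int main(void)
{
    unsigned char sig[64] = {0};              /* constructed: S = 0 */
    if (!ed25519_sig_has_canonical_s(sig)) return 1;

    memcpy(sig + 32, ED25519_L, 32);          /* constructed: S = L */
    if (ed25519_sig_has_canonical_s(sig)) return 1;

    sig[32] = 0xec;                           /* constructed: S = L - 1 */
    if (!ed25519_sig_has_canonical_s(sig)) return 1;

    sig[32] = 0xee;                           /* constructed: S = L + 1 */
    if (ed25519_sig_has_canonical_s(sig)) return 1;

    return 0;
}
```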