| Title | GitHub tinyssh 20250501 Cryptographic Issues |
|---|---|
| Description | A signature malleability vulnerability was identified in tinyssh (up to the latest version at the time of reporting) due to an incomplete implementation of the Ed25519 verification logic. The software fails to strictly validate the range of the scalar S during signature verification, as mandated by RFC 8032. Specifically, the implementation does not check whether S is within the canonical range [0, L), where L is the order of the base point. An attacker can craft a non-canonical signature by adding multiples of L to the scalar S, which will still be accepted as valid by the affected versions of tinyssh. While this does not directly lead to private key recovery, it allows for signature malleability, which can be exploited in protocols relying on signature uniqueness or to bypass certain security checks in downstream applications. |
| Source | ⚠️ https://github.com/janmojzis/tinyssh/issues/101 |
| User | pythok (UID 95793) |
| Submitted | 2026-03-07 01:12 PM (2 months ago) |
| Moderation | 2026-03-21 04:10 PM (14 days later) |
| Status | Accepted |
| VulDB entry | 352358 [janmojzis tinyssh up to 20250501 Ed25519 Signature crypto_sign_ed25519_tinyssh.c weak authentication] |
| Points | 20 |
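
The range check the description says is missing, S in [0, L), written out as an added example; this is not tinyssh's code or its fix. The function names are hypothetical, the sample signatures are constructed, and the check is meant to run before the curve equation is evaluated.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Order L of the Ed25519 base point, little-endian (RFC 8032, section 5.1). */
static const unsigned char ED25519_L[32] = {
    0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
    0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};

/* Hypothetical helper: 1 if the little-endian scalar s is in [0, L), else 0.
 * Compares from the most significant byte down, without data-dependent branches. */
int ed25519_scalar_is_canonical(const unsigned char s[32])
{
    unsigned int lt = 0; /* becomes 1 once s is known to be below L */
    unsigned int eq = 1; /* stays 1 while all higher bytes are equal */
    size_t i = 32;
    while (i-- > 0) {
        unsigned int si = s[i], li = ED25519_L[i];
        lt |= ((si - li) >> 8) & eq;   /* si < li wraps, leaving bit 0 set after the shift */
        eq &= ((si ^ li) - 1) >> 8;    /* si == li wraps to all ones */
    }
    return (int)(lt & 1);
}

/* Hypothetical pre-check: the signature is R (32 bytes) followed by S (32 bytes). */
int ed25519_sig_precheck(const unsigned char *sig, size_t siglen)
{
    if (sig == NULL || siglen != 64) return 0;
    return ed25519_scalar_is_canonical(sig + 32);
}

int main(void)
{
    unsigned char sig[64] = {0};           /* constructed sample: R = 0, S = 0 */
    printf("S = 0     -> %d\n", ed25519_sig_precheck(sig, sizeof sig));
    memcpy(sig + 32, ED25519_L, 32);       /* constructed sample: S = 0 + L */
    printf("S = L     -> %d\n", ed25519_sig_precheck(sig, sizeof sig));
    sig[32] = 0xec;                        /* constructed sample: S = L - 1 */
    printf("S = L - 1 -> %d\n", ed25519_sig_precheck(sig, sizeof sig));
    return 0;
}
```

A verifier that applies this check rejects S + L even though it satisfies the same curve equation as S, so each message and key pair has one accepted encoding of S.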