| 제목 | PuTTY Project (Simon Tatham) PuTTY 0.83 Improper Verification of Cryptographic Signature |
|---|
| 설명 | PuTTY's Ed25519 verification logic in crypto/ecc-ssh.c (eddsa_verify) does not enforce strict canonical-scalar validation (S < L). Because of this, a valid signature (R, S) can be malleated into (R, S+L) and still pass verification.
Using the provided PoC with PuTTY testcrypt (ssh_key_verify), both signatures verify successfully:
putty verify(orig) = True
putty verify(S+L) = True
This demonstrates Ed25519 signature malleability acceptance (non-canonical signature accepted). Historically, similar signature malleability vulnerabilities have been discovered and assigned CVEs in other projects, including CVE-2026-3706, CVE-2020-36843, and CVE-2024-45193. |
|---|
| 원천 | ⚠️ https://github.com/py-thok/putty-ed25519-malleability-s-plus-l |
|---|
| 사용자 | pythok (UID 95793) |
|---|
| 제출 | 2026. 03. 09. AM 07:40 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 22. PM 12:48 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 352429 [PuTTY 0.83 Ed25519 Signature crypto/ecc-ssh.c eddsa_verify 약한 인증] |
|---|
| 포인트들 | 20 |
|---|