CVE-2026-26958
中文标题:
(暂无数据)
英文标题:
filippo.io/edwards25519 MultiScalarMult function produces invalid results or undefined behavior if receiver is not the identity
漏洞描述
中文描述:
(暂无数据)
英文描述:
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| FiloSottile | filippo.io/edwards25519 | < 1.1.1 | - | - |
cpe:2.3:a:filosottile:filippo.io_edwards25519:<_1.1.1:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
CVSS评分详情
4.0 (cna)
LOWCVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2026-26958 |
2026-02-20 03:19:39 | 2026-02-19 22:00:03 |
| NVD | nvd_CVE-2026-26958 |
2026-02-20 02:00:04 | 2026-02-19 22:00:06 |
版本与语言
安全公告
变更历史
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']