Refine your search

1 vulnerability found for by libsodium

CVE-2025-69277 (GCVE-0-2025-69277)
Vulnerability from cvelistv5
Published
2025-12-31 05:50
Modified
2025-12-31 06:03
Severity ?
4.5 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
CWE
  • CWE-184 - Incomplete List of Disallowed Inputs
Summary
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
References
Impacted products
Vendor Product Version
libsodium libsodium Version: 0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libsodium",
          "vendor": "libsodium",
          "versions": [
            {
              "lessThan": "ad3004ec8731730e93fcfbbc824e67eadc1c1bae",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren\u0027t in the main cryptographic group."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184 Incomplete List of Disallowed Inputs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-31T06:03:26.026Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae"
        },
        {
          "url": "https://00f.net/2025/12/30/libsodium-vulnerability/"
        },
        {
          "url": "https://news.ycombinator.com/item?id=46435614"
        },
        {
          "url": "https://ianix.com/pub/ed25519-deployment.html"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-69277",
    "datePublished": "2025-12-31T05:50:07.422Z",
    "dateReserved": "2025-12-31T05:50:07.155Z",
    "dateUpdated": "2025-12-31T06:03:26.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}