ALT-PU-2026-1093-4

Package update libsodium in branch p11

Version1.0.21-alt1

Published2026-03-03

Max severityMEDIUM

Severity:

Closed issues (3)

MEDIUM4.5

Уязвимость функции crypto_core_ed25519_is_valid_point() криптографической библиотеки libsodium, позволяющая нарушителю выполнить произвольный код

Published: 2026-03-02Modified: 2026-03-11

CVSS 3.xMEDIUM 4.5

CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:L/AC:H/Au:N/C:P/I:P/A:N

References

CVE-2025-69277

MEDIUM4.5

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

Published: 2025-12-31Modified: 2026-04-15

CVSS 3.xMEDIUM 4.5

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References

GHSA-mrfv-m5wm-5w6w

MEDIUM4.5

libsodium has Incomplete List of Disallowed Inputs

Published: 2025-12-31Modified: 2026-01-07

CVSS 3.xMEDIUM 4.5

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References