From 0127a2a9664453590720a38861fb0c22aac95141 Mon Sep 17 00:00:00 2001 From: William Morland Date: Tue, 24 Mar 2026 11:15:45 +0000 Subject: [PATCH] Improve GHSA-2w8x-224x-785m --- .../GHSA-2w8x-224x-785m/GHSA-2w8x-224x-785m.json | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/advisories/github-reviewed/2026/03/GHSA-2w8x-224x-785m/GHSA-2w8x-224x-785m.json b/advisories/github-reviewed/2026/03/GHSA-2w8x-224x-785m/GHSA-2w8x-224x-785m.json index 24dc51d520b79..d888925f06951 100644 --- a/advisories/github-reviewed/2026/03/GHSA-2w8x-224x-785m/GHSA-2w8x-224x-785m.json +++ b/advisories/github-reviewed/2026/03/GHSA-2w8x-224x-785m/GHSA-2w8x-224x-785m.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-2w8x-224x-785m", - "modified": "2026-03-18T16:10:06Z", + "modified": "2026-03-18T16:10:10Z", "published": "2026-03-17T06:31:32Z", "aliases": [ "CVE-2026-4258" @@ -9,13 +9,9 @@ "summary": "sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey", "details": "All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The dhJavaEc() function directly returns the raw x-coordinate of the scalar multiplication result (no hashing), providing a plaintext oracle without requiring any decryption feedback.", "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" - }, { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" } ], "affected": [ @@ -32,11 +28,14 @@ "introduced": "0" }, { - "last_affected": "1.0.8" + "fixed": "1.0.9" } ] } - ] + ], + "database_specific": { + "last_known_affected_version_range": "<= 1.0.8" + } } ], "references": [