GO-2026-4503

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2026-4503

Import Source

https://vuln.go.dev/ID/GO-2026-4503.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2026-4503

Aliases

Related

CGA-2p5w-8865-7rch

Published

2026-02-17T21:58:22Z

Modified

2026-02-19T20:41:24.219467Z

Summary

Invalid result or undefined behavior in filippo.io/edwards25519

Details

Previously, if MultiScalarMult was invoked on an initialized point who was not the identity point, MultiScalarMult produced an incorrect result. If called on an uninitialized point, MultiScalarMult exhibited undefined behavior.

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2026-4503",
    "review_status": "REVIEWED"
}

References

Credits

- shaharcohen1
- WeebDataHoarder

Affected packages

Go / filippo.io/edwards25519

Package

Name: filippo.io/edwards25519; View open source insights on deps.dev
Purl: pkg:golang/filippo.io/edwards25519

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "Point.MultiScalarMult"
            ],
            "path": "filippo.io/edwards25519"
        }
    ]
}

Database specific

source

"https://vuln.go.dev/ID/GO-2026-4503.json"