Bug 2426416 (CVE-2025-69277) - CVE-2025-69277 libsodium: pynacl: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure.
Summary: CVE-2025-69277 libsodium: pynacl: libsodium: Improper validation of elliptic ...
Keywords:
Status: NEW
Alias: CVE-2025-69277
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2426615 2426616 2426614 2426617 2426618
Blocks:
Reported: 2025-12-31 06:01 UTC by OSIDB Bzimport
Modified: 2026-01-09 14:13 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-12-31 06:01:16 UTC
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.

