-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| net.i2p.crypto:eddsa | maven | <= 0.3.0 | |
| net.i2p:i2p | maven | < 0.9.39 | 0.9.39 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from missing scalar range validation during signature verification. The commit d7d1dcb adds a critical check comparing 'S' against EdDSABlinding.ORDER in EdDSAEngine.java's verification logic. The pre-patch code in x_engineVerify() processed the 'S' value without this validation, enabling signature malleability. The CVE description and academic paper both confirm this missing check as the root cause. The high confidence comes from direct evidence in the patch diff and vulnerability descriptions linking the missing check to SUF-CMA violations.
JavaJavaKEV Misses 88% of Exploited CVEs- Get the report