WRITEUP

WRITEUP

Exploit for CVE-2025-69277 - libsodium <ad3004e - Memory Corruption

AI Analysis

This patch addresses a vulnerability in libsodium's Ed25519 point validation by adding an additional check for Y==Z when X==0, preventing invalid points from being accepted. The fix includes both the core logic change and corresponding test cases.

Attack Type

other

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae

Authors

Frank DENIS

Vulnerability

CVE-2025-69277

libsodium <ad3004e - Memory Corruption

MEDIUM

CVSS 4.5