CNNVD-202507-3559 Information
CNNVD ID
CNNVD-202507-3559
Related CVE
- CNNVD Published: 2025-07-28
Description (Chinese)
Polkadot Frontier是Polkadot EVM开源的一个提供以太坊虚拟机兼容层的应用程序。 Polkadot Frontier 36f70d1之前版本存在加密问题漏洞,该漏洞源于Curve25519Add和Curve25519ScalarMul预编译处理无效Ristretto点不当,可能导致加密结果错误。
Description (English)
Polkadot Frontier is an application from Polkadot EVM open source that provides a virtual machine-compatible layer in the Taifeng. There was a encryption loophole in the previous version of Polkadot Frontier 36f70d1, which originated from the invalid Ristretto points of the pre-editing process of Curve 25519 Add and Curve 25519 Scalar Mul, which could lead to an error in encryption results.
Hazard Level
Low
Vulnerability Type
加密问题
Affected Vendor
Polkadot EVM
Published
2025-07-28
Last Modified
2026-02-24
References
https://github.com/polkadot-evm/frontier/security/advisories/GHSA-v4q3-23rh-w5mw https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf https://github.com/polkadot-evm/frontier/commit/36f70d1defcaeaed5a453015f6c98c21bb5b121b https://github.com/polkadot-evm/frontier/pull/1720/commits/8ed6053fb868495477ba2409f7e64f439df76f96 https://access.redhat.com/security/cve/cve-2025-54426
Patch
https://github.com/polkadot-evm/frontier/tags
Share on: