CNNVD-202511-2709 Information

CNNVD ID

CNNVD-202511-2709

Related CVE

CVE-2025-66016

• CNNVD Published: 2025-11-25

Description (Chinese)

cggmp21是Lockness开源的一个Rust库。 cggmp21 0.6.3之前版本存在数据伪造问题漏洞，该漏洞源于ZK证明中缺少检查，可能导致恶意签名者重建完整私钥。

Description (English)

cggmp21 is a Rust bank from Lockness. The previous version of cggmp21 0.6.3 had a gap in data forgery, which stemmed from the lack of checks in ZK certificates and could lead to the re-establishment of the full private key by the malicious signatory.

Hazard Level

Low

Vulnerability Type

数据伪造问题

Affected Vendor

Lockness

Published

2025-11-25

Last Modified

2026-02-24

References

https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889 https://access.redhat.com/security/cve/cve-2025-66016

Patch

https://github.com/LFDT-Lockness/cggmp21/tags