CNNVD-202601-4909 Information
CNNVD ID
CNNVD-202601-4909
Related CVE
- CNNVD Published: 2026-01-29
Description (Chinese)
parsec-cloud是Scille开源的一个文件共享工具。 parsec-cloud 3.6.0之前版本存在安全漏洞,该漏洞源于libparsec_crypto组件未检查Curve25519的弱阶点,可能导致中间人攻击。
Description (English)
Parsec-cloud is an open-source file-sharing tool for Scille. A security loophole existed in the pre-version 3.6.0, which originated from the failure of the libparsec crypto component to examine the weak point of Curve25519, which could lead to an attack by an intermediary.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Scille
Published
2026-01-29
Last Modified
2026-02-24
References
https://github.com/Scille/parsec-cloud/security/advisories/GHSA-hrc9-gm58-pgj9 https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/x25519-dalek/src/x25519.rs#L364-L366 https://github.com/Scille/parsec-cloud/commit/197bb6387b49fec872b5e4a04dcdb82b3d2995b2 https://github.com/Scille/parsec-cloud/blob/e7c5cdbc4234f606ccf3ab2be7e9edc22db16feb/libparsec/crates/crypto/src/rustcrypto/private.rs#L136-L138 https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/curve25519-dalek/src/montgomery.rs#L132-L146 https://access.redhat.com/security/cve/cve-2025-62514
Patch
https://github.com/Scille/parsec-cloud/releases
Share on: