While working on the rango-client project, I scanned the dependency manifest and found that it uses a vulnerable version of @stablelib/ed25519. The scan revealed a signature malleability issue where the verify() function does not properly validate the signature’s S component, allowing multiple valid signatures for the same message, which could impact systems relying on signature uniqueness.
CVE Report
CVE Link