mkj Dropbear
cpe:2.3:a:dropbear_project:dropbear:*:*:*:*:*:*:*
- <= 2025.89
A vulnerability exists in mkj Dropbear SSH server software in versions through 2025.89. The issue is located in the Curve25519 implementation, specifically within the 'unpackneg' function of 'src/curve25519.c'. This vulnerability arises from an improper range check on the 'S' value of Ed25519 signatures, allowing for signature malleability. The flaw can be exploited remotely, with a public proof-of-concept available.
Exploitation of this vulnerability leads to a signature verification flaw, allowing for the creation of equivalent signatures that are accepted by the Dropbear verification process, thereby breaking signature uniqueness and potentially impacting higher-level security policies or auditing processes that rely on it.
The vulnerability can be reproduced by generating a valid Ed25519 signature using Dropbear's signing function, and then creating a malleated version of that signature by adding the group order 'L' to the 'S' component. This modified signature will also be accepted by the Dropbear verification process, demonstrating the malleability issue.
Users are advised to apply the patch available in the commit 'fdec3c90a15447bd538641d85e5a3e3ac981011d'.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.