CVE-2026-1229

Low CVSS: 2.9

The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.
ECDH and ECDSA signing relying on this curve are not affected.

The bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .

Vendor

Cloudflare

Product

Circl

CWE

CWE-682

Yayın Tarihi

2026-02-24 08:16:28

Güncelleme

2026-03-03 00:29:54

Source Identifier

cna@cloudflare.com

KEV Date Added

Kategoriler

CWE-682 Circl LOW Cloudflare 2026

Referanslar

https://github.com/cloudflare/circl

Benzer Kayıtlar

High

CVE-2026-2836

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The…

Critical

CVE-2026-2833

An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The i…

Critical

CVE-2026-2835

An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding…

High

CVE-2026-0933

SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The is…

High

CVE-2025-13353

In gokey versions

High

CVE-2025-7054

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_…