
Highwadey

#31536 of 53,622
8.1 Total CVSS
Vulnerabilities · 1
PT-2026-6835
8.1
2026-02-06
Netbula · Nebula · CVE-2026-25793
**Name of the Vulnerable Software and Affected Versions**

Nebula versions 1.7.0 through 1.10.2

**Description**

Nebula is a scalable overlay networking tool. When using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. This requires the attacker to have a copy of the private key and corresponding certificate for one of the blocklist entries. The issue affects networks where `CURVE P256` certificates are in use, there are existing blocklist entries, and the certificates for those entries are signed by a trusted CA and are not expired.

**Recommendations**

Versions prior to 1.10.3 are affected. Update to version 1.10.3 or later. If updating is not immediately possible, compute the opposite-chirality signature for each certificate on the existing blocklist and add the corresponding second fingerprint to the blocklist. Rotate out all CAs that have signed hosts on the blocklist to prevent exploitation.
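The workaround above depends on every P-256 signature (r, s) having a second valid form (r, n − s). The Go sketch below is an added example, not Nebula's code and not part of the advisory: it derives that second signature and shows that a fingerprint computed over the signature bytes changes while verification still succeeds. `MirrorSignature`, `Fingerprint` and `Demo` are hypothetical names, the signed bytes are constructed, and the fingerprint layout is an assumed stand-in, so real blocklist entries must be computed with the fingerprint routine of the Nebula version in use.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// MirrorSignature re-encodes DER (r, s) as (r, n-s), the second valid P-256 form.
func MirrorSignature(der []byte) ([]byte, error) {
	var sig struct{ R, S *big.Int } // DER SEQUENCE { r INTEGER, s INTEGER }
	n := elliptic.P256().Params().N
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil || len(rest) != 0 || sig.S.Sign() <= 0 || sig.S.Cmp(n) >= 0 {
		return nil, fmt.Errorf("not a well-formed DER P-256 signature")
	}
	sig.S.Sub(n, sig.S) // s' = n - s; r is unchanged
	return asn1.Marshal(sig)
}

// Fingerprint is an ASSUMED stand-in: SHA-256 over signed bytes || signature.
func Fingerprint(signed, sigDER []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(append(append([]byte{}, signed...), sigDER...)))
}

// Demo: throwaway key, constructed bytes; reports mirror validity and both fingerprints.
func Demo() (ok bool, fpA, fpB string, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	signed := []byte("constructed certificate details")
	digest := sha256.Sum256(signed)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return
	}
	mirror, err := MirrorSignature(sig)
	if err != nil {
		return
	}
	return ecdsa.VerifyASN1(&key.PublicKey, digest[:], mirror), Fingerprint(signed, sig), Fingerprint(signed, mirror), nil
}

func main() { fmt.Println(Demo()) }
```

Both fingerprints returned by `Demo` correspond to the same key and the same signed content, which is why the advisory asks for the second one to be added to the blocklist.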