Pythok

**Name of the Vulnerable Software and Affected Versions** Dropbear versions up to 2025.89 **Description** A flaw exists in mkj Dropbear that relates to improper verification of cryptographic signatures. This issue stems from a manipulation within the `unpackneg` function located in the `src/curve25519.c` file, specifically within the S Range Check component. The attack can be initiated remotely and is considered to have high complexity, with difficult exploitability. The exploit has been publicly disclosed. The issue undermines integrity and auditing of Ed25519 signatures, allowing crafted signatures to be accepted. **Recommendations** Deploy the patch fdec3c90a15447bd538641d85e5a3e3ac981011d.

**Name of the Vulnerable Software and Affected Versions** janmojzis tinyssh versions up to 20250501 **Description** A flaw exists in the Ed25519 Signature Handler component of tinyssh, specifically within the `tinyssh/crypto sign ed25519 tinyssh.c` file. This issue causes improper verification of cryptographic signatures. The attack is limited to local execution and is considered difficult to exploit. The vulnerability resides in an unknown function. **Recommendations** Upgrade to version 20260301 to address this issue.

**Name of the Vulnerable Software and Affected Versions** PuTTY version 0.83 **Description** An issue exists in the Ed25519 Signature Handler component within the `eddsa verify()` function of the `crypto/ecc-ssh.c` file. This flaw allows for the improper verification of cryptographic signatures, which could be exploited remotely. The attack is characterized by high complexity and is considered difficult to execute. **Recommendations** Apply the patch identified as af996b5ec27ab79bae3882071b9d6acf16044549 for version 0.83.