
Shaharcohen1

#26388 of 53,635
9.8 Total CVSS
Vulnerabilities · 1
PT-2026-20785
9.8
2026-02-17
Unknown · github.com/go-sql-driver/mysql · CVE-2026-26958

**Name of the Vulnerable Software and Affected Versions**

filippo.io/edwards25519 versions 1.1.0 and earlier

**Description**

The `filippo.io/edwards25519` Go library, used for edwards25519 elliptic curve cryptography, has an issue where the `MultiScalarMult` function produces incorrect results or undefined behavior when called with an improperly initialized point. Specifically, if `(*Point).MultiScalarMult` is invoked on a point that is not the identity point, an incorrect result is returned. If called on an uninitialized point, the behavior is undefined, potentially returning an invalid point that compares equal to all other points.

This function is considered a rarely used, advanced API. Users relying on `filippo.io/edwards25519` through `github.com/go-sql-driver/mysql` are not affected.

**Recommendations**

Upgrade to version 1.1.1 or later to resolve this issue. If you are using the `MultiScalarMult` function, ensure the receiver is properly initialized to the identity point before calling the function.