libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that arent in the main cryptographic group.
Weakness
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libsodium | Ubuntu | jammy | * |
| Libsodium | Ubuntu | noble | * |
| Libsodium | Ubuntu | plucky | * |
| Libsodium | Ubuntu | questing | * |
| Libsodium | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/120.html
- https://cwe.mitre.org/data/definitions/15.html
- https://cwe.mitre.org/data/definitions/182.html
- https://cwe.mitre.org/data/definitions/3.html
- https://cwe.mitre.org/data/definitions/43.html
- https://cwe.mitre.org/data/definitions/6.html
- https://cwe.mitre.org/data/definitions/71.html
- https://cwe.mitre.org/data/definitions/73.html
- https://cwe.mitre.org/data/definitions/85.html
References
- https://00f.net/2025/12/30/libsodium-vulnerability/
- https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae
- https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7
- https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf
- https://github.com/pyca/pynacl/issues/920
- https://ianix.com/pub/ed25519-deployment.html
- https://news.ycombinator.com/item?id=46435614
- https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html