Libsodium Encryption Library: Invalid Point Check
OESA-2026-1557
Summary
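A security update is required for the Libsodium encryption library: its crypto_core_ed25519_is_valid_point function mishandles validity checks for elliptic curve points and sometimes accepts points that are not in the main cryptographic group. An attacker could exploit this only in rare situations, namely atypical use cases involving certain custom cryptography or untrusted data passed to that function. To protect your system, update to the latest version of Libsodium as soon as possible.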
What to do
- Update libsodium to version 1.0.18-2.oe2003sp4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | libsodium | <= 1.0.18-2.oe2003sp4 | 1.0.18-2.oe2003sp4 |
Original title
libsodium security update
Original description
Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.
Security Fix(es):
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. (CVE-2025-69277)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-69277 Vendor Advisory
Published: 15 Mar 2026 · Updated: 15 Mar 2026 · First seen: 15 Mar 2026