CVE-2020-36843

ADVISORY - github

Summary

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.

EPSS Score⁠: 0.00025 (0.064)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-347⁠

Improper Verification of Cryptographic Signature

ADVISORY - github

CWE-347⁠

Improper Verification of Cryptographic Signature

Impacted images

Advisories

NIST

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDCVE-2020-36843⁠

EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-347⁠

CVSS SCORE

4.3medium

GitHub

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY IDGHSA-p53j-g8pw-4w5f⁠

EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-347⁠

CVSS SCORE

4.3medium

Debian

CREATED

11 months ago

UPDATED

29 days ago

ADVISORY IDCVE-2020-36843⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

11 months ago

UPDATED

12 days ago

ADVISORY IDCVE-2020-36843⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY ID

CGA-hm4c-chhm-rg2x

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

21 days ago

UPDATED

21 days ago

ADVISORY ID

CGA-mx9v-ggh6-gw62

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

20 hours ago

UPDATED

20 hours ago

ADVISORY ID

MINI-65fc-pwc9-fjh6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

MINI-mqwq-7r2q-x4rp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY ID

MINI-qvjx-q843-qhm7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

MINI-rxc8-vx2f-w77j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

10 months ago

UPDATED

10 months ago

ADVISORY ID

MINI-w353-hhqg-f5vm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

MINI-x4v6-2mrj-mhf2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY