Lucene search
GoogleOSV:CVE-2020-15093HistoryJul 09, 2020 - 7:15 p.m.
CVE-2020-15093
2020-07-0919:15:11
Google
osv.dev
5
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation.
Related
osv
osv
Improper uniqueness verification of signature threshold
2020-07-09 12:00:00
Improper verification of signature threshold in tough
2021-08-25 20:56:55
Incorrect threshold signature computation in TUF
2020-08-21 16:25:26
rustsec
rustsec
Improper uniqueness verification of signature threshold
2020-07-09 12:00:00
prion
prion
Information disclosure
2020-07-09 19:15:00
Input validation
2020-02-05 16:15:00
nvd
nvd
CVE-2020-15093
2020-07-09 19:15:11
CVE-2020-6174
2020-02-05 16:15:11
cve
cve
CVE-2020-15093
2020-07-09 19:15:11
CVE-2020-6174
2020-02-05 16:15:11
cvelist
cvelist
CVE-2020-15093 Improper verification of signature threshold in tough
2020-07-09 18:45:16
CVE-2020-6174
2020-02-05 15:49:15
github
github
Improper verification of signature threshold in tough
2021-08-25 20:56:55
Incorrect threshold signature computation in TUF
2020-08-21 16:25:26
veracode
veracode
Improper Cryptographic Signature Verification
2020-07-13 05:20:19
Improper Verification Of Cryptographic Signatures
2020-02-06 01:23:06