6 matches found
CVE-2020-14966
creationtimestamp| type| source ---|---|--- 2024-01-19 10:23:20+00:00| seen| https://t.me/arpsyndicate/2919...
K000132744: Node.js vulnerability CVE-2020-14966
Security Advisory Description An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verifie...
@10yun/cv-mobile-ui (=0.3.20), @agneta/cli (>=0.14.7 <=0.14.15) +447 more potentially affected by CVE-2020-14966 via jsrsasign (>=4.8.2 <=8.0.18)
jsrsasign NPM version =4.8.2, =0.14.7, =2.0.1-alpha.0, =1.0.0, =1.0.0, =2.0.1-alpha.0, =1.0.0, =1.0.0, =1.0.17-beta.7, =1.0.0-beta.0, =1.0.0, =0.4.1, =1.0.1, =1.0.7 and more Source cves: CVE-2020-14966 Source advisory: OSV:GHSA-P8C3-7RJ8-Q963...
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
Impact Jsrsasign supports ECDSA signature validation which signature value is represented by ASN.1 DER encoding. This vulnerablity may accept a wrong ASN.1 DER encoded ECDSA signature such as: - wrong multi-byte ASN.1 length of TLV ex. 0x820045 even though 0x45 is correct - prepending zeros with...
CVE-2020-14966
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a...
CVE-2020-14966
The CVE-2020-14966 issue affects the jsrsasign package up to version 8.0.18 in Node.js. Root cause: malleability in ECDSA signatures from insufficient checks of ASN.1/DER encoding, specifically overflow in sequence length and prepended/appended zeroes to integers, allowing altered signatures to v...