Lucene search
K

6 matches found

Circl
Circl
added 2024/01/19 10:23 a.m.5 views

CVE-2020-14966

creationtimestamp| type| source ---|---|--- 2024-01-19 10:23:20+00:00| seen| https://t.me/arpsyndicate/2919...

7.5CVSS7.1AI score0.01116EPSS
Exploits1References1
F5 Networks
F5 Networks
added 2023/02/23 9:51 p.m.25 views

K000132744: Node.js vulnerability CVE-2020-14966

Security Advisory Description An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verifie...

7.5CVSS7.4AI score0.01116EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2020/06/26 4:54 p.m.8 views

@10yun/cv-mobile-ui (=0.3.20), @agneta/cli (>=0.14.7 <=0.14.15) +447 more potentially affected by CVE-2020-14966 via jsrsasign (>=4.8.2 <=8.0.18)

jsrsasign NPM version =4.8.2, =0.14.7, =2.0.1-alpha.0, =1.0.0, =1.0.0, =2.0.1-alpha.0, =1.0.0, =1.0.0, =1.0.17-beta.7, =1.0.0-beta.0, =1.0.0, =0.4.1, =1.0.1, =1.0.7 and more Source cves: CVE-2020-14966 Source advisory: OSV:GHSA-P8C3-7RJ8-Q963...

7.5CVSS7.1AI score0.01116EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2020/06/26 4:54 p.m.73 views

ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign

Impact Jsrsasign supports ECDSA signature validation which signature value is represented by ASN.1 DER encoding. This vulnerablity may accept a wrong ASN.1 DER encoded ECDSA signature such as: - wrong multi-byte ASN.1 length of TLV ex. 0x820045 even though 0x45 is correct - prepending zeros with...

7.5CVSS0.5AI score0.01116EPSS
Exploits1References14Affected Software1
OSV
OSV
added 2020/06/22 12:15 p.m.16 views

CVE-2020-14966

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a...

7.5CVSS6.7AI score
Exploits0References6
CVE
CVE
added 2020/06/22 11:20 a.m.68 views

CVE-2020-14966

The CVE-2020-14966 issue affects the jsrsasign package up to version 8.0.18 in Node.js. Root cause: malleability in ECDSA signatures from insufficient checks of ASN.1/DER encoding, specifically overflow in sequence length and prepended/appended zeroes to integers, allowing altered signatures to v...

7.5CVSS7.4AI score0.01116EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder