Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to Improper Verification of Cryptographic Signature in SSHJ (CVE-2020-36843)

Summary The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous...

CVE-2020-36843

The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...

CVE-2020-36843

The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...

PT-2024-33290

Name of the Vulnerable Software and Affected Versions Elliptic package versions prior to 6.5.6 Description The issue concerns the Elliptic package for Node.js, specifically the EDDSA implementation. It does not perform the required check if the signature proofs is within the bounds of the order n...