Lucene search
Veracode Vulnerability DatabaseVERACODE:25736HistoryJun 23, 2020 - 1:31 a.m.
Malleable ECDSA Signature
2020-06-2301:31:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
EPSS
0.009
Percentile
83.0%
jsrsasign uses a malleable ECDSA signature. The vulnerability exists as it does not check for overflows in the length of a sequence, and allows 0 characters appended or prepended to an integer to be verified as the same as without the extra 0 characters.
References
github.com/advisories/GHSA-p8c3-7rj8-q963
github.com/kjur/jsrsasign/commit/59cc1cce9467cdaafd42bdf272434ef8acbe7189
github.com/kjur/jsrsasign/issues/437
github.com/kjur/jsrsasign/releases/tag/8.0.17
github.com/kjur/jsrsasign/releases/tag/8.0.18
github.com/kjur/jsrsasign/releases/tag/8.0.19
kjur.github.io/jsrsasign/
security.netapp.com/advisory/ntap-20200724-0001/
www.npmjs.com/package/jsrsasign
Related
cvelist
cvelist
CVE-2020-14966
2020-06-22 11:20:13
github
github
osv
osv
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
2020-06-26 16:54:15
CVE-2020-14966
2020-06-22 12:15:10
prion
prion
Design/Logic Flaw
2020-06-22 12:15:00
cve
cve
CVE-2020-14966
2020-06-22 12:15:10
f5
f5
K000132744 : Node.js vulnerability CVE-2020-14966
2023-02-24 00:00:00
nvd
nvd
CVE-2020-14966
2020-06-22 12:15:10