Описание
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.
Ссылки
- Third Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2020-08-01 (исключая)
cpe:2.3:a:relic_project:relic:*:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00133
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-327
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.
EPSS
Процентиль: 33%
0.00133
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-327