Количество 2
Количество 2
CVE-2020-14966
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.
GHSA-p8c3-7rj8-q963
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-14966 An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature. | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
| GHSA-p8c3-7rj8-q963 ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
Уязвимостей на страницу