Количество 2
Количество 2
CVE-2026-23967
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue.
GHSA-qv7w-v773-3xqm
sm-crypto Affected by Signature Malleability in SM2-DSA
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-23967 sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue. | CVSS3: 7.5 | 0% Низкий | 18 дней назад |
| GHSA-qv7w-v773-3xqm sm-crypto Affected by Signature Malleability in SM2-DSA | CVSS3: 7.5 | 0% Низкий | 19 дней назад |
Уязвимостей на страницу