Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
sm-crypto Affected by Private Key Recovery in SM2-PKE
Vulnerability Description
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions. Version 0.3.14 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
sm-crypto 数据伪造问题漏洞
Vulnerability Description
sm-crypto是june01个人开发者的一个加密算法。 sm-crypto 0.3.14之前版本存在数据伪造问题漏洞,该漏洞源于SM2解密逻辑存在缺陷,可能导致私钥恢复。
CVSS Information
N/A
Vulnerability Type
N/A