漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
sm-crypto Affected by Signature Malleability in SM2-DSA
Vulnerability Description
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
sm-crypto 数据伪造问题漏洞
Vulnerability Description
sm-crypto是june01个人开发者的一个加密算法。 sm-crypto 0.3.14之前版本存在数据伪造问题漏洞,该漏洞源于SM2签名验证逻辑存在可塑性漏洞,可能导致从现有签名衍生出新的有效签名。
CVSS Information
N/A
Vulnerability Type
N/A