Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
sm-crypto Affected by Signature Malleability in SM2-DSA
Vulnerability Description
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
sm-crypto 数据伪造问题漏洞
Vulnerability Description
sm-crypto是june01个人开发者的一个加密算法。 sm-crypto 0.3.14之前版本存在数据伪造问题漏洞,该漏洞源于SM2签名验证逻辑存在可塑性漏洞,可能导致从现有签名衍生出新的有效签名。
CVSS Information
N/A
Vulnerability Type
N/A