CVE-2020-36843 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-36843 PUBLISHED

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.

EPSS 0.03% · 6.9th percentile

Risk Scores

EPSS Score

0.03%

6.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:22.04:LTS	ruby-ed25519	1.2.4-2, 1.3.0+ds-1, 1.2.4-2build1
Ubuntu:25.10	ruby-ed25519	0, 1.4.0+ds-1, 1.3.0+ds-1build5
Ubuntu:25.10	libeddsa-java	0.3.0-2.1, 0.3.0-2, 0
Ubuntu:20.04:LTS	ruby-ed25519	0, 1.2.4-1, 1.2.4-1build1
Ubuntu:24.04:LTS	ruby-ed25519	1.3.0+ds-1build4, 1.3.0+ds-1build3, 1.3.0+ds-1build2

Timeline

Mar 13, 2025 CVE Published
Mar 14, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Apr 9, 2025 EPSS Score
Apr 22, 2025 EPSS Score
May 5, 2025 EPSS Score
May 18, 2025 EPSS Score
May 31, 2025 EPSS Score
Jun 13, 2025 EPSS Score
Jun 26, 2025 EPSS Score
Jul 9, 2025 EPSS Score
Jul 22, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2020-36843 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-36843 third-party-advisory
https://eprint.iacr.org/2020/1244 third-party-advisory
https://github.com/str4d/ed25519-java/issues/82#issue-727629226 third-party-advisory
Multiples vulnérabilités dans Oracle Database Server advisory
Multiples vulnérabilités dans les produits VMware advisory

Open in Interactive Console →