VDB
CVE-2020-36843
CVE-2020-36843
PUBLISHED
The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.
EPSS 0.03% · 8.4th percentile
Risk Scores
EPSS Score
0.03%
8.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | ruby-ed25519 | 1.3.0+ds-1, 0, 1.2.4-2build1 |
| Ubuntu:25.10 | ruby-ed25519 | 0, 1.3.0+ds-1build5, * |
| Ubuntu:25.10 | libeddsa-java | 0.3.0-2.1, 0, 0.3.0-2 |
| Ubuntu:20.04:LTS | ruby-ed25519 | 0, 1.2.4-1build1, 1.2.4-1 |
| Ubuntu:24.04:LTS | ruby-ed25519 | 1.3.0+ds-1build2, 1.3.0+ds-1build3, 1.3.0+ds-1build4 |
Timeline
- CVE Published
- Mar 14, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Apr 10, 2025 EPSS Score
- Apr 24, 2025 EPSS Score
- May 7, 2025 EPSS Score
- May 21, 2025 EPSS Score
- Jun 3, 2025 EPSS Score
- Jun 17, 2025 EPSS Score
- Jun 30, 2025 EPSS Score
- Jul 14, 2025 EPSS Score
- Jul 28, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36843 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36843 third-party-advisory
- https://eprint.iacr.org/2020/1244 third-party-advisory
- https://github.com/str4d/ed25519-java/issues/82#issue-727629226 third-party-advisory
- Multiples vulnérabilités dans Oracle Database Server advisory
- Multiples vulnérabilités dans les produits VMware advisory