Home > Vulnerability Database > CVE-2020-36843

Mend.io Vulnerability Database

CVE-2020-36843

Good to know:

Date: March 12, 2025

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.

Severity Score

4.3

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36843

Url: https://eprint.iacr.org/2020/1244

Url: https://github.com/i2p/i2p.i2p/commit/d7d1dcb5399c61cf2916ccc45aa25b0209c88712#diff-658f7b1aa34b58d27796fccdb8b756c72702d64ae44703374960f1cb89a5a5c3

Url: https://github.com/str4d/ed25519-java/issues/82#issue-727629226

Url: https://github.com/str4d/ed25519-java

Url: https://security-tracker.debian.org/tracker/CVE-2020-36843

Url: https://www.mend.io/vulnerability-database/CVE-2020-36843

Severity Score

4.3

Weakness Type (CWE)

Improper Verification of Cryptographic Signature

CWE-347

Top Fix

Upgrade Version

Upgrade to version net.i2p:i2p:0.9.39

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2020-36843

Good to know:

Date: March 12, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?