CNNVD-202601-3904 Information

CNNVD ID

CNNVD-202601-3904

Related CVE

CVE-2026-23967

• CNNVD Published: 2026-01-22

Description (Chinese)

sm-crypto是june01个人开发者的一个加密算法。 sm-crypto 0.3.14之前版本存在数据伪造问题漏洞，该漏洞源于SM2签名验证逻辑存在可塑性漏洞，可能导致从现有签名衍生出新的有效签名。

Description (English)

The sm-crypto is an encryption algorithm for the June01 personal developer. The previous version of sm-crypto 0.3.14 had a loophole in the problem of data forgery, which stemmed from the plasticity gap in the SM2 signature certification logic, which could lead to new valid signatures being derived from existing signatures.

Hazard Level

Medium

Vulnerability Type

数据伪造问题

Affected Vendor

个人开发者

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-qv7w-v773-3xqm

Patch

https://github.com/JuneAndGreen/sm-crypto