CNNVD-202601-3906 Information

CNNVD ID

CNNVD-202601-3906

Related CVE

CVE-2026-23965

• CNNVD Published: 2026-01-22

Description (Chinese)

sm-crypto是june01个人开发者的一个加密算法。 sm-crypto 0.4.0之前版本存在数据伪造问题漏洞，该漏洞源于SM2签名验证逻辑存在缺陷，可能导致签名伪造。

Description (English)

The sm-crypto is an encryption algorithm for the June01 personal developer. Before sm-crypto 0.4.0, there was a loophole in the problem of data forgery, which stemmed from deficiencies in the SM2 signature verification logic, which could lead to the forgery of the signature.

Hazard Level

Medium

Vulnerability Type

数据伪造问题

Affected Vendor

个人开发者

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/JuneAndGreen/sm-crypto/commit/85295a859d0766222d12ce2be3e6fce7b438b510 https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-hpwg-xg7m-3p6m

Patch

https://github.com/JuneAndGreen/sm-crypto