CVE-2020-36316 Information
Jun 07, 2022
cve
Description
In RELIC before 2021-04-03 there is a buffer overflow in PKCS1 v1.5 signature verification because garbage bytes can be present.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Reference
https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80 https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2 https://github.com/relic-toolkit/relic/ https://github.com/relic-toolkit/relic/issues/155
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
5.5
Share on: