CVE-2020-36843 — Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check

Description

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.

How to fix CVE-2020-36843

To remediate CVE-2020-36843, upgrade the affected package to a fixed version below.

—upgrade to 0.3.0-2.1 or later
—no fix listed
—upgrade to 0.9.39 or later

Is CVE-2020-36843 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 0.3.0-2.1
from 0, <= 0.3.0
from 0, < 0.9.39

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-36843
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-36843
PATCHgithub.com/str4d/ed25519-java
WEBeprint.iacr.org/2020/1244