CVE-2020-36315 - Vulnerability Details - OpenCVE

In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Relic Project	Relic

Configuration 1 [-]

cpe:2.3:a:relic_project:relic:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/relic-toolkit/relic/
https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80
https://github.com/relic-toolkit/relic/issues/154
https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-07T20:10:30

Updated: 2024-08-04T17:23:10.312Z

Reserved: 2021-04-07T00:00:00

Link: CVE-2020-36315

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-04-07T21:15:15.870

Modified: 2024-11-21T05:29:15.320

Link: CVE-2020-36315

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-07T20:10:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/relic-toolkit/relic/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/relic-toolkit/relic/issues/154"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36315", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2", "refsource": "MISC", "url": "https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2"}, {"name": "https://github.com/relic-toolkit/relic/", "refsource": "MISC", "url": "https://github.com/relic-toolkit/relic/"}, {"name": "https://github.com/relic-toolkit/relic/issues/154", "refsource": "MISC", "url": "https://github.com/relic-toolkit/relic/issues/154"}, {"name": "https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80", "refsource": "MISC", "url": "https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:10.312Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/relic-toolkit/relic/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/relic-toolkit/relic/issues/154"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36315", "datePublished": "2021-04-07T20:10:30", "dateReserved": "2021-04-07T00:00:00", "dateUpdated": "2024-08-04T17:23:10.312Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:relic_project:relic:*:*:*:*:*:*:*:*", "matchCriteriaId": "30E26998-9B9A-4DAD-BCBA-1022C26623C7", "versionEndExcluding": "2020-08-01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number."}, {"lang": "es", "value": "En RELIC antes del 01-08-2020, la falsificaci\u00f3n de firma RSA PKCS # 1 v1.5 puede ocurrir porque determinadas comprobaciones de relleno (y de los primeros dos bytes) son inadecuadas. NOTA: esto requiere que un exponente p\u00fablico bajo sea utilizado (como 3). El producto, por defecto, no genera claves RSA con un n\u00famero tan bajo"}], "id": "CVE-2020-36315", "lastModified": "2024-11-21T05:29:15.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-07T21:15:15.870", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/relic-toolkit/relic/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/relic-toolkit/relic/issues/154"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/relic-toolkit/relic/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/relic-toolkit/relic/issues/154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}