CVE-2020-36315

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/16/2021 01:17:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Certain versions of Relic from Relic Project contain the following vulnerability:

In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.

  • CVE-2020-36315 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.3 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE LOW NONE

CVSS2 Score: 5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE PARTIAL NONE

CVE References

Description Tags Link
PKCS1v1.5 implementation and Bleichenbacher-style small exponent signature forgery · Issue #154 · relic-toolkit/relic · GitHub github.com
text/html
URL Logo MISC github.com/relic-toolkit/relic/issues/154
GitHub - relic-toolkit/relic: Code github.com
text/html
URL Logo MISC github.com/relic-toolkit/relic/
GitHub - relic-toolkit/relic at 32eb4c257fc80328061d66639b1cdb35dbed51a2 github.com
text/html
URL Logo MISC github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2
Fix #154 and #155 by inverting the padding check logic and being more… · relic-toolkit/[email protected] · GitHub github.com
text/html
URL Logo MISC github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationRelic ProjectRelicAllAllAllAll
  • cpe:2.3:a:relic_project:relic:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2020-36315 : In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of… twitter.com/i/web/status/1… 2021-04-07 21:05:46