CVE-2020-36316

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/16/2021 01:55:00 PM UTC

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Certain versions of Relic from Relic Project contain the following vulnerability:

In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.

  • CVE-2020-36316 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack Vector | Attack Complexity | Privileges Required | User Interaction
LOCAL | LOW | NONE | REQUIRED

Scope | Confidentiality Impact | Integrity Impact | Availability Impact
UNCHANGED | NONE | NONE | HIGH

CVSS2 Score: 4.3 - MEDIUM

Access Vector | Access Complexity | Authentication
NETWORK | MEDIUM | NONE

Confidentiality Impact | Integrity Impact | Availability Impact
NONE | NONE | PARTIAL

CVE References

Description | Tags | Link
GitHub - relic-toolkit/relic: Code | MISC | github.com/relic-toolkit/relic/
GitHub - relic-toolkit/relic at 32eb4c257fc80328061d66639b1cdb35dbed51a2 | MISC | github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2
Fix #154 and #155 by inverting the padding check logic and being more… · relic-toolkit/[email protected] · GitHub | MISC | github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80
buffer overflow in PKCS1v1.5 signature verification · Issue #155 · relic-toolkit/relic · GitHub | MISC | github.com/relic-toolkit/relic/issues/155

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Relic Project | Relic | All | All | All | All
  • cpe:2.3:a:relic_project:relic:*:*:*:*:*:*:*:*

Social Mentions

Source | Title | Posted (UTC)
Twitter | @CVEreport CVE-2020-36316 : In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification becau… twitter.com/i/web/status/1… | 2021-04-07 21:06:06