CVE-2020-36843
Signature Malleability vulnerability in eddsa (Maven)


What is CVE-2020-36843 About?

This vulnerability is a signature malleability issue in the EdDSA-Java library, which means that existing valid signatures can be transformed into new valid signatures for the same message. This can lead to security bypasses or misattribution of signed data. Exploitation is moderately complex as it requires an understanding of cryptographic processes.

Affected Software

  • net.i2p.crypto:eddsa
    • <=0.3.0
  • net.i2p:i2p
    • <0.9.39

Technical Details

The EdDSA-Java library, specifically versions through 0.3.0, fails to satisfy the Strong Existential Unforgeability under Chosen Message Attacks (SUF-CMA) property in its EdDSA implementation. This flaw allows an attacker, given a valid signature (r, s) for a particular message m, to compute a different signature (r', s') that is also valid for the same message m. This is typically achieved by exploiting properties of the elliptic curve or the modular arithmetic used in the signature scheme, such as negating 's' or performing other transformations that result in another valid signature pair without invalidating the cryptographic proof of authenticity for the message.

What is the Impact of CVE-2020-36843?

Successful exploitation may allow attackers to forge new valid signatures for known messages, potentially leading to repudiation issues, security bypasses, or the acceptance of manipulated data as legitimate.

What is the Exploitability of CVE-2020-36843?

Exploiting this signature malleability requires a sophisticated understanding of cryptographic protocols and of the specific implementation details of EdDSA. The malleability itself has no direct authentication or privilege requirements, because it operates on the mathematical properties of generated signatures. An attacker needs access to a valid signature and the corresponding message, which can then be transformed into a new valid signature. This is a remote exploit scenario, as it concerns the manipulation and verification of digital signatures. The main factor that increases the likelihood of exploitation is the widespread use of vulnerable versions of the EdDSA-Java library in applications that rely on the strong non-malleability of signatures.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2020-36843?

Available Upgrade Options

  • net.i2p:i2p
    • <0.9.39 → Upgrade to 0.9.39
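RFC 8032 (section 5.1.7) requires a verifier to decode the second half of an Ed25519 signature as an integer S in the range 0 <= S < L and to reject anything else, which is the check that gives each signature a single accepted encoding. The guard below is an added example, not code from EdDSA-Java or I2P, that an application could run before handing a signature to its verifier. It assumes 64-byte Ed25519 signatures laid out as R || S; the class and method names are hypothetical and the sample inputs are constructed.

```java
import java.math.BigInteger;

public final class CanonicalSCheck {
    // Order of the Ed25519 base-point subgroup (RFC 8032, section 5.1).
    static final BigInteger L = BigInteger.ONE.shiftLeft(252)
            .add(new BigInteger("27742317777372353535851937790883648493"));

    /** True only for a 64-byte signature whose S half decodes to 0 <= S < L. */
    public static boolean hasCanonicalS(byte[] sig) {
        if (sig == null || sig.length != 64) {
            return false;
        }
        // S is bytes 32..63, little-endian; BigInteger expects big-endian.
        byte[] sBigEndian = new byte[32];
        for (int i = 0; i < 32; i++) {
            sBigEndian[i] = sig[63 - i];
        }
        return new BigInteger(1, sBigEndian).compareTo(L) < 0;
    }

    // Constructed sample input: zeroed R half, given S encoded little-endian.
    static byte[] sampleSignature(BigInteger s) {
        byte[] sig = new byte[64];
        byte[] be = s.toByteArray(); // big-endian, may carry a leading sign byte
        for (int i = 0; i < be.length && i < 32; i++) {
            sig[32 + i] = be[be.length - 1 - i];
        }
        return sig;
    }

    static void check(boolean ok, String what) {
        if (!ok) {
            throw new AssertionError(what);
        }
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        check(hasCanonicalS(sampleSignature(BigInteger.valueOf(12345))), "small S accepted");
        check(hasCanonicalS(sampleSignature(L.subtract(BigInteger.ONE))), "S = L - 1 accepted");
        check(!hasCanonicalS(sampleSignature(L)), "S = L rejected");
        check(!hasCanonicalS(sampleSignature(BigInteger.ONE.shiftLeft(255))), "S = 2^255 rejected");
        check(!hasCanonicalS(new byte[63]), "63-byte input rejected");
    }
}
```

A signature that fails this check should be treated as a verification failure; the check complements, and does not replace, the library's own signature verification.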


What are Similar Vulnerabilities to CVE-2020-36843?

Similar Vulnerabilities: CVE-2021-3923, CVE-2021-3444, CVE-2016-1000346, CVE-2019-15848, CVE-2019-15849