AZL-73250

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73250.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-73250

Upstream

CVE-2020-36843

Published

2025-03-13T06:15:34Z

Modified

2026-04-21T04:33:50.899844Z

Summary

CVE-2020-36843 affecting package ed25519-java for versions less than 0.3.0-1

Details

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-36843

Affected packages

Azure Linux:3 / ed25519-java

Package

Name: ed25519-java
Purl: pkg:rpm/azure-linux/ed25519-java

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.3.0-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73250.json"