PT-2025-11144 · Unknown+1 · Eddsa-Java+1

Huitseeker +2 · Published 2020-10-09 · Updated 2026-06-01 · CVE-2020-36843

CVSS v3.1: 4.3 Medium
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: EdDSA-Java (aka ed25519-java) versions 0.3.0 and earlier
Description: The implementation of EdDSA in EdDSA-Java exhibits signature malleability and does not satisfy the SUF-CMA (strong existential unforgeability under chosen-message attack) property. This allows attackers to create new valid signatures, different from previous signatures, for a known message.
Recommendations: For EdDSA-Java versions 0.3.0 and earlier, consider updating to a version that addresses the signature malleability issue to prevent attackers from creating new valid signatures. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Verification of Cryptographic Signature

Related Identifiers

AZL-73250
BDU:2026-01711
CVE-2020-36843
ECHO-4633-35AE-FCC7
GHSA-P53J-G8PW-4W5F
OESA-2025-1334
OPENSUSE-SU-2025:14892-1
OPENSUSE-SU-2025_1029-1
OPENSUSE-SU-2026:10919-1
SUSE-SU-2025:1029-1
SUSE-SU-2025_1029-1

Affected Products

Eddsa-Java
Suse