UBUNTU-CVE-2020-36843

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-36843

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-36843.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-36843

Related

CVE-2020-36843

Published

2025-03-13T06:15:00Z

Modified

2025-04-23T15:08:50Z

Summary

[none]

Details

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.

References

Affected packages

Ubuntu:20.04:LTS / ruby-ed25519

Package

Name: ruby-ed25519
Purl: pkg:deb/ubuntu/ruby-ed25519@1.2.4-1build1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.4-1

1.2.4-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ruby-ed25519

Package

Name: ruby-ed25519
Purl: pkg:deb/ubuntu/ruby-ed25519@1.3.0+ds-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.4-2

1.2.4-2build1

1.3.0+ds-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / libeddsa-java

Package

Name: libeddsa-java
Purl: pkg:deb/ubuntu/libeddsa-java@0.3.0-2?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.3.0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ruby-ed25519

Package

Name: ruby-ed25519
Purl: pkg:deb/ubuntu/ruby-ed25519@1.3.0+ds-1build5?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0+ds-1build4

1.3.0+ds-1build5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ruby-ed25519

Package

Name: ruby-ed25519
Purl: pkg:deb/ubuntu/ruby-ed25519@1.3.0+ds-1build4?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0+ds-1build2

1.3.0+ds-1build3

1.3.0+ds-1build4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / libeddsa-java

Package

Name: libeddsa-java
Purl: pkg:deb/ubuntu/libeddsa-java@0.3.0-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.3.0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / ruby-ed25519

Package

Name: ruby-ed25519
Purl: pkg:deb/ubuntu/ruby-ed25519@1.3.0+ds-1build5?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.0+ds-1build5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}