VYPR
High severityNVD Advisory· Published Jun 22, 2020· Updated Aug 4, 2024

CVE-2020-14966

CVE-2020-14966

Description

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
jsrsasignnpm
>= 4.0.0, < 8.0.198.0.19

Affected products

2

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.