CVE-2020-36843 Affecting libeddsa-java package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-DEBIAN13-LIBEDDSAJAVA-9480398
- published19 Mar 2025
- disclosed13 Mar 2025
Introduced: 13 Mar 2025
NewCVE-2020-36843 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
How to fix?
There is no fixed version for Debian:13 libeddsa-java.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libeddsa-java package and not the libeddsa-java package as distributed by Debian.
See How to fix? for Debian:13 relevant fixed versions and status.
The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.