
CVE-2020-14966

7.5 HIGH

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js

Published: 2020-06-22 · Last updated: 2026-06-22

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-347

Affected products

Vendor    Product
kjur      jsrsasign
netapp    jsrsasign

Description

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows malleability in ECDSA signatures because it does not check for overflows in the length of a sequence, nor for '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.

Source: NVD
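The malleability described above comes from lenient decoding of the DER SEQUENCE { INTEGER r, INTEGER s } that carries an ECDSA signature. As an added example (not jsrsasign's code), the strict parser below accepts only the minimal encoding and rejects the variants the description names: a SEQUENCE length that does not match the input, bytes appended to the signature, and an INTEGER padded with a leading 0x00 byte. The sample signatures are constructed with tiny r and s values and are not real signatures.

```python
class _Malformed(Exception): pass  # internal: input is not minimal DER

def _read_length(buf, pos):
    # Short form, or the one-byte long form 0x81 (ample for ECDSA on curves up to P-521).
    if pos >= len(buf):
        raise _Malformed
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    if first != 0x81 or pos + 1 >= len(buf) or buf[pos + 1] < 0x80:
        raise _Malformed  # other long forms, truncated, or a non-minimal length
    return buf[pos + 1], pos + 2

def _read_integer(buf, pos):
    if pos >= len(buf) or buf[pos] != 0x02:
        raise _Malformed  # expected INTEGER tag
    length, pos = _read_length(buf, pos + 1)
    if length == 0 or pos + length > len(buf):
        raise _Malformed  # empty or overlong INTEGER
    body = buf[pos:pos + length]
    if body[0] & 0x80:
        raise _Malformed  # r and s are never negative
    # A leading 0x00 is legal only when needed to keep the value positive.
    if length > 1 and body[0] == 0x00 and not body[1] & 0x80:
        raise _Malformed  # '0' prepended: the same number in a different encoding
    return int.from_bytes(body, "big"), pos + length

def parse_ecdsa_der_signature(sig: bytes):
    """Return (r, s) if sig is a canonical SEQUENCE { INTEGER r, INTEGER s }, else None."""
    try:
        if not sig or sig[0] != 0x30:
            raise _Malformed  # expected SEQUENCE tag
        seq_len, pos = _read_length(sig, 1)
        if pos + seq_len != len(sig):
            raise _Malformed  # length overflows the input, or bytes were appended
        r, pos = _read_integer(sig, pos)
        s, pos = _read_integer(sig, pos)
        if pos != len(sig):
            raise _Malformed  # extra elements inside the SEQUENCE
        return r, s
    except _Malformed:
        return None

# Constructed samples (tiny r and s, not a real signature): one canonical
# encoding and two re-encodings of the same (r, s) that a strict parser rejects.
CANONICAL = bytes.fromhex("3006" "02017a" "02013b")
PADDED_R = bytes.fromhex("3007" "0202007a" "02013b")     # 0x00 prepended to r
APPENDED = bytes.fromhex("3006" "02017a" "02013b" "00")  # byte appended after the SEQUENCE
```

A lenient decoder returns the same (r, s) for all three inputs, which is exactly why an application that keys on the signature bytes (for deduplication or a transaction id) must reject the two non-canonical forms.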

References

Related CVEs

Same vendor

  • CVE-2025-22134 When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because... (4.2 MEDIUM)
  • CVE-2024-21262 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC) (6.5 MEDIUM)
  • CVE-2024-43374 The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling (4.5 MEDIUM)
  • CVE-2023-21968 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries) (3.7 LOW)
  • CVE-2023-28531 ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints (9.8 CRITICAL)

Same CWE

  • CVE-2026-42743 Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions (6.5 MEDIUM)
  • CVE-2026-48558 SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authenticati... (10.0 CRITICAL)
  • CVE-2026-50010 Netty is a network application framework for development of protocol servers and clients (7.5 HIGH)
  • CVE-2026-50634 A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticate... (6.5 MEDIUM)
  • CVE-2026-41005 Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from th... (9.0 CRITICAL)