CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-51939
https://notcve.org/view.php?id=CVE-2023-51939
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. Un problema en la función cp_bbs_sig en relic/src/cp/relic_cp_bbs.c de Relic relic-toolkit 0.6.0 permite a un atacante remoto obtener información confidencial y escalar privilegios a través de la función cp_bbs_sig. • https://gist.github.com/liang-junkai/1b59487c0f7002fa5da98035b53e409f https://github.com/liang-junkai/Relic-bbs-fault-injection https://github.com/relic-toolkit/relic/issues/284 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36327
https://notcve.org/view.php?id=CVE-2023-36327
Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. Una vulnerabilidad de desbordamiento de enteros en RELIC antes del commit 421f2e91cf2ba42473d4d54daf24e295679e290e, permite a los atacantes ejecutar código arbitrario y causar una denegación de servicio en el argumento "pos" en la función ""bn_get_prime". • https://github.com/relic-toolkit/relic/commit/421f2e91cf2ba42473d4d54daf24e295679e290e https://groups.google.com/g/relic-discuss/c/A_J2-ArVIAo/m/qgFiXsUJBQAJ?utm_medium=email&utm_source=footer • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36326
https://notcve.org/view.php?id=CVE-2023-36326
Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. Una vulnerabilidad de desbordamiento de enteros en RELIC antes del commit 34580d840469361ba9b5f001361cad659687b9ab, permite a los atacantes ejecutar código arbitrario, causar una denegación de servicio y escalar privilegios al llamar la función realloc en la función bn_grow • https://github.com/relic-toolkit/relic/commit/34580d840469361ba9b5f001361cad659687b9ab https://groups.google.com/g/relic-discuss/c/A_J2-ArVIAo/m/qgFiXsUJBQAJ?utm_medium=email&utm_source=footer • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36315
https://notcve.org/view.php?id=CVE-2020-36315
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number. En RELIC antes del 01-08-2020, la falsificación de firma RSA PKCS # 1 v1.5 puede ocurrir porque determinadas comprobaciones de relleno (y de los primeros dos bytes) son inadecuadas. NOTA: esto requiere que un exponente público bajo sea utilizado (como 3). • https://github.com/relic-toolkit/relic https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80 https://github.com/relic-toolkit/relic/issues/154 https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36316
https://notcve.org/view.php?id=CVE-2020-36316
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present. En RELIC anterior al 03-04-2021, se presenta un desbordamiento del búfer en la verificación de la firma PKCS#1 v1.5 porque bytes basura pueden estar presentes • https://github.com/relic-toolkit/relic https://github.com/relic-toolkit/relic/commit/76c9a1fdf19d9e92e566a77376673e522aae9f80 https://github.com/relic-toolkit/relic/issues/155 https://github.com/relic-toolkit/relic/tree/32eb4c257fc80328061d66639b1cdb35dbed51a2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •