relic-toolkit/relic

relic-toolkit/relic

Releases12

Frequency1 year 4 months

Last Release over 1 year ago

Stars508

Code

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-51939 ↗	Feb 1, 2024Thursday, 1 February 2024, 07:15	8.8 HIGH	—
An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function.
CVE-2023-36326 ↗	Sep 1, 2023Friday, 1 September 2023, 16:15	9.8 CRITICAL	—
Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function.
CVE-2023-36327 ↗	Sep 1, 2023Friday, 1 September 2023, 16:15	9.8 CRITICAL	—
Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function.
CVE-2020-36315 ↗	Apr 7, 2021Wednesday, 7 April 2021, 21:15	5.3 MEDIUM	5 MEDIUM
In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number.
CVE-2020-36316 ↗	Apr 7, 2021Wednesday, 7 April 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.