relic_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー、vendor risk denial of service, and vendor risk integer handling があり、vendor surface software deployment and vendor surface production workloads の利用場面で アプリケーションクラッシュ and vendor impact memory corruption などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-51939 | An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. | [email protected] | 8.8 | 0.93% | 2024-02-01 | 2025-06-16 |
| CVE-2023-36327 | Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. | [email protected] | 9.8 | 0.78% | 2023-09-01 | 2024-11-21 |
| CVE-2023-36326 | Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. | [email protected] | 9.8 | 0.78% | 2023-09-01 | 2024-11-21 |
| CVE-2020-36316 | In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present. | [email protected] | 5.5 | 1.16% | 2021-04-07 | 2024-11-21 |
| CVE-2020-36315 | In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number. | [email protected] | 5.3 | 0.93% | 2021-04-07 | 2024-11-21 |