Aggregates CVE and security vulnerability intelligence across all relic_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow, vendor risk denial of service, and vendor risk integer handling and related problems; some flaws may lead to vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-51939 | An issue in the cp_bbs_sig function in relic/src/cp/relic_cp_bbs.c of Relic relic-toolkit 0.6.0 allows a remote attacker to obtain sensitive information and escalate privileges via the cp_bbs_sig function. | [email protected] | 8.8 | 1.27% | 2024-02-01 | 2025-06-16 |
| CVE-2023-36327 | Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. | [email protected] | 9.8 | 0.11% | 2023-09-01 | 2024-11-21 |
| CVE-2023-36326 | Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. | [email protected] | 9.8 | 0.11% | 2023-09-01 | 2024-11-21 |
| CVE-2020-36316 | In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present. | [email protected] | 5.5 | 0.26% | 2021-04-07 | 2024-11-21 |
| CVE-2020-36315 | In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occur because certain checks of the padding (and of the first two bytes) are inadequate. NOTE: this requires that a low public exponent (such as 3) is being used. The product, by default, does not generate RSA keys with such a low number. | [email protected] | 5.3 | 0.13% | 2021-04-07 | 2024-11-21 |