CVE-2026-23967 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM…
High CVSS: 7.5

CVE-2026-23967

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue.
Vendor
Juneandgreen
Product
Sm-crypto
CWE
CWE-347
Yayın Tarihi
2026-01-22 03:15:47
Güncelleme
2026-02-25 15:31:26
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-347 Sm-crypto HIGH Juneandgreen 2026

Referanslar

https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-qv7w-v773-3xqm