Vulnerability Details CVE-2020-13895
Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2020-13895
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.0.31
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.01
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.02
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.021
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.022
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.11
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.12
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.13
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.15
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.16
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.17
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.18
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.19
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.20
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.22
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.23
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.26
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.30
-
cpe:2.3:a:p5-crypt-perl_project:p5-crypt-perl:0.31