CVE-2020-36843: Ed25519 Signature Malleability in ed25519-java Due to Missing Scalar Range Check

March 13, 2025

The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.

References

eprint.iacr.org/2020/1244
github.com/advisories/GHSA-p53j-g8pw-4w5f
github.com/i2p/i2p.i2p/commit/d7d1dcb5399c61cf2916ccc45aa25b0209c88712
github.com/str4d/ed25519-java
github.com/str4d/ed25519-java/issues/82
nvd.nist.gov/vuln/detail/CVE-2020-36843

Detect and mitigate CVE-2020-36843 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →