A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature.
A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the message associated with the forged signature to satisfy specific formatting requirements.
A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto. By interacting with the SM2 decryption interface multiple times, an attacker can fully recover the private key within approximately several hundred interactions.