{"id":"AZL-73250","summary":"CVE-2020-36843 affecting package ed25519-java for versions less than 0.3.0-1","details":"The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This allows attackers to create new valid signatures different from previous signatures for a known message.","modified":"2026-04-21T04:33:50.899844Z","published":"2025-03-13T06:15:34Z","upstream":["CVE-2020-36843"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36843"}],"affected":[{"package":{"name":"ed25519-java","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/ed25519-java"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.0-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73250.json"}}],"schema_version":"1.7.5"}