{"id":"CVE-2020-13895","details":"Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.","modified":"2026-04-10T04:22:28.067220Z","published":"2020-06-07T01:15:10.550Z","references":[{"type":"ADVISORY","url":"https://github.com/FGasper/p5-Crypt-Perl/issues/14"},{"type":"FIX","url":"https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fgasper/p5-crypt-perl","events":[{"introduced":"0"},{"fixed":"143a88d80c477de0d70cc69d9fd911b134f4d589"},{"fixed":"f960ce75502acf7404187231a706672f8369acb2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.32"}]}}],"versions":["0.01","0.02","0.021","0.022","0.031","0.032","0.11","0.12","0.13","0.15","0.17","0.26","0.30","0.31"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13895.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}