CVE-2020-14966 in jsrsasign Package
Summary
by MITRE
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.
Analysis
by VulDB Data Team • 06/22/2026
CVE-2020-14966 affects the jsrsasign package version 8.0.18 and earlier and is a critical security flaw in its implementation of the elliptic curve digital signature algorithm (ECDSA). The issue is in the Node.js package's handling of ECDSA signatures, where signature structures are not validated properly. The verification code fails to check for overflows in sequence lengths and for leading or trailing zero bytes in the integer representations within the signature format. This malleability allows attackers to modify a signature without breaking its validity, so that multiple distinct signatures can represent the same cryptographic operation.
The vulnerability aligns with CWE-184, which addresses incomplete input validation, and relates to improper handling of signature structures in cryptographic libraries. At the protocol level, signature verification routines accept modified signatures as valid even though the modifications are technically invalid according to proper cryptographic standards. When an application relies on canonical signature formats for security decisions, this creates a significant risk: the same transaction or operation could be represented by multiple different signatures, potentially undermining signature-based authentication systems, replay protection mechanisms, and other security controls that depend on signature uniqueness.
From an operational perspective, this vulnerability could have severe implications for systems utilizing jsrsasign for cryptographic operations, particularly those implementing blockchain protocols, digital signature verification, or any security infrastructure requiring strict signature validation. The impact extends beyond simple signature validation failures to potentially enable unauthorized access, data manipulation, or bypass of security controls that depend on the assumption of canonical signature representations. Attackers could exploit this weakness to create signature variations that maintain validity while potentially altering the intended meaning or execution context of signed operations, making it particularly dangerous in environments where signature integrity is paramount.
Organizations should immediately upgrade to jsrsasign version 8.0.19 or later, where this vulnerability has been patched, and test signature validation thoroughly to ensure that no applications rely on potentially malleable signature formats. Additional mitigations include implementing strict signature format validation, monitoring for unusual signature patterns, and considering signature validation libraries that enforce canonical signature formats. The vulnerability demonstrates the importance of proper input validation in cryptographic libraries and the need for comprehensive security testing of cryptographic implementations against malleability attacks, which are categorized under the attack technique T1553 in the ATT&CK framework for subverted trust relationships.
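One way to implement the strict signature format validation mentioned above, as an added example that is not jsrsasign's code or the fix shipped in 8.0.19: a pre-check that accepts only the canonical DER encoding of an ECDSA signature and reports why anything else is rejected. The function names and the sample hex strings are constructed for illustration.

```javascript
// Added example: accept only canonical DER for SEQUENCE { INTEGER r, INTEGER s }.
function readLength(buf, pos) {
  if (pos >= buf.length) throw new Error('truncated length');
  const first = buf[pos];
  if (first < 0x80) return { len: first, next: pos + 1 }; // short form
  const n = first & 0x7f; // number of length octets that follow
  if (n === 0) throw new Error('indefinite length is not DER');
  if (n > 2 || pos + 1 + n > buf.length) throw new Error('bad length field');
  if (buf[pos + 1] === 0) throw new Error('non-minimal length (leading zero octet)');
  let len = 0;
  for (let i = 0; i < n; i++) len = (len << 8) | buf[pos + 1 + i];
  if (len < 0x80) throw new Error('non-minimal length (long form for short value)');
  return { len, next: pos + 1 + n };
}

function readInteger(buf, pos) {
  if (buf[pos] !== 0x02) throw new Error('expected INTEGER tag');
  const { len, next } = readLength(buf, pos + 1);
  if (len === 0 || next + len > buf.length) throw new Error('bad INTEGER length');
  const v = buf.subarray(next, next + len);
  if (v[0] & 0x80) throw new Error('negative INTEGER');
  if (len > 1 && v[0] === 0 && v[1] < 0x80) throw new Error('non-minimal INTEGER (leading zero)');
  return { hex: v.toString('hex'), next: next + len };
}

function checkEcdsaDer(sigHex) {
  try {
    // Buffer.from(..., 'hex') silently truncates bad input, so validate the text first.
    if (!/^(?:[0-9a-f]{2})+$/i.test(sigHex)) throw new Error('not whole hex octets');
    const buf = Buffer.from(sigHex, 'hex');
    if (buf[0] !== 0x30) throw new Error('expected SEQUENCE tag');
    const { len, next } = readLength(buf, 1);
    if (next + len !== buf.length) throw new Error('SEQUENCE length does not match input');
    const r = readInteger(buf, next);
    const s = readInteger(buf, r.next);
    if (s.next !== buf.length) throw new Error('trailing bytes after s');
    return { ok: true, r: r.hex, s: s.hex };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}

// Constructed 4-byte r and s (structure only, not a real signature).
const SAMPLES = {
  canonical: '300c0204008f112202045a334455',
  zeroPrependedToS: '300d0204008f11220205005a334455',
  longFormLength: '30810c0204008f112202045a334455',
  byteAppended: '300c0204008f112202045a33445500',
};
for (const [name, hex] of Object.entries(SAMPLES)) console.log(name, checkEcdsaDer(hex));
```

Only the first sample passes; the other three carry the same r and s values in a non-canonical encoding and are rejected before any verifier sees them.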