
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
The implementation of EdDSA in EdDSA-Java (aka ed25519-java) through version 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA (Strong Existential Unforgeability under Chosen Message Attacks) property. This vulnerability, identified as CVE-2020-36843, was discovered during a security investigation of EdDSA implementations and affects the cryptographic signature verification process (IACR Paper, GitHub Issue).
The vulnerability stems from the absence of proper scalar range validation in the signature verification process. Specifically, the implementation fails to verify that the scalar 's' is within the range [0, L), where L is the prime order of the large subgroup generated by the base point. This oversight goes against the specifications outlined in RFC 8032 and the FIPS 186-5 draft. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N (Jenkins Advisory).
The vulnerability compromises the cryptographic integrity of the signature system by allowing attackers to derive additional valid signatures that differ from an existing signature for the same message. This weakness particularly affects systems that rely on a signature being unique for a given message as part of their security guarantees (IACR Paper).
For Jenkins users, the EDDSA API Plugin has been updated to version 0.3.0.1-16.vcb4a98a_3531c, which inlines the EdDSA-Java library directly into the plugin and adds validation to prevent signature malleability and ensure the SUF-CMA property (Jenkins Advisory).
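The missing range check described above, as an added example that is not code from the Wiz page, the IACR paper or the EdDSA-Java project: a compact pure-Python Ed25519 signer and verifier whose verify() performs the s < L check from RFC 8032, plus a self-test showing why it matters. With the check switched off, a signature whose S is replaced by S + L (the same scalar mod L, encoded as different bytes) is accepted as a second valid signature for the same message; with the check on, it is rejected. The key seed and message are constructed for the test.

```python
import hashlib

p = 2**255 - 19                                      # field prime (RFC 8032)
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point B
d = (-121665 * pow(121666, p - 2, p)) % p            # curve constant
I = pow(2, (p - 1) // 4, p)                          # sqrt(-1) mod p
def H(*parts): return hashlib.sha512(b"".join(parts)).digest()
def inv(x): return pow(x, p - 2, p)
def add(P, Q):  # affine twisted-Edwards point addition (slow but compact)
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % p, (y1 * y2 + x1 * x2) * inv(1 - t) % p)
def mul(k, P):  # double-and-add; any k >= L wraps around because B has order L
    R = (0, 1)
    while k:
        R = add(R, P) if k & 1 else R
        P, k = add(P, P), k >> 1
    return R
def encode(P):  # 32 bytes: y little-endian, parity of x in the top bit
    return (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")
def decode(b):
    y = int.from_bytes(b, "little") & ((1 << 255) - 1)
    xx = (y * y - 1) * inv(d * y * y + 1) % p
    x = pow(xx, (p + 3) // 8, p)
    x = x * I % p if (x * x - xx) % p else x
    if (x * x - xx) % p:
        raise ValueError("point not on curve")
    return (p - x if (x & 1) != (b[31] >> 7) else x, y)
B = decode((4 * inv(5) % p).to_bytes(32, "little"))  # base point, y = 4/5
def sign(seed, msg):  # returns (encoded public key A, 64-byte signature R || S)
    h = H(seed)
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)  # clamped
    A = encode(mul(a, B))
    r = int.from_bytes(H(h[32:], msg), "little") % L
    R = encode(mul(r, B))
    k = int.from_bytes(H(R, A, msg), "little") % L
    return A, R + ((r + k * a) % L).to_bytes(32, "little")
def verify(pk, msg, sig, strict=True):
    R, s = sig[:32], int.from_bytes(sig[32:], "little")
    if strict and s >= L:  # the range check EdDSA-Java <= 0.3.0 omitted
        return False
    k = int.from_bytes(H(R, pk, msg), "little") % L
    return mul(s, B) == add(decode(R), mul(k, decode(pk)))  # s*B == R + k*A

def malleability_check():  # -> (strict accepts sig, lax accepts sig2, strict rejects sig2)
    msg, seed = b"example message", hashlib.sha256(b"constructed demo seed").digest()  # constructed
    pk, sig = sign(seed, msg)
    sig2 = sig[:32] + (int.from_bytes(sig[32:], "little") + L).to_bytes(32, "little")
    return verify(pk, msg, sig), verify(pk, msg, sig2, strict=False), verify(pk, msg, sig2)
```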
Source: This report was generated using AI