Upstream information

CVE-2020-0601 at MITRE

Description

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having critical severity.

SUSE Bugzilla entry: 1160989 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Wed Jan 15 05:28:57 2020
CVE page last modified: Mon Sep 9 15:42:44 2024