CVE-2022-24773
ADVISORY - github
Summary
Impact
The RSA PKCS#1 v1.5 signature verification code does not properly check that DigestInfo has a proper ASN.1 structure. As a result, signatures that contain invalid structures but a valid digest can verify successfully.
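A strict form of the DigestInfo check described above, as an added example (not node-forge's code): instead of parsing the decoded structure, rebuild the single valid encoded message for the expected digest and compare every byte. It assumes SHA-256 and a 2048-bit key; the names `expectedEM`, `emIsValid` and `demo` and all sample bytes are constructed for illustration.

```javascript
// Added example, not node-forge's implementation.
// DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
const SHA256_PREFIX = Buffer.from('3031300d060960864801650304020105000420', 'hex');

// Build the only encoded message (EM) a valid signature may decode to:
// 0x00 0x01 PS 0x00 DigestInfo, where PS is at least 8 bytes of 0xFF.
function expectedEM(digest, keyBytes) {
  if (digest.length !== 32) throw new Error('SHA-256 digest must be 32 bytes');
  const digestInfo = Buffer.concat([SHA256_PREFIX, digest]);
  const psLen = keyBytes - digestInfo.length - 3;
  if (psLen < 8) throw new Error('modulus too short for this digest');
  return Buffer.concat([
    Buffer.from([0x00, 0x01]),
    Buffer.alloc(psLen, 0xff),
    Buffer.from([0x00]),
    digestInfo,
  ]);
}

// em is the result of the RSA public-key operation on the signature,
// left-padded to the modulus length. Any deviation in padding or in the
// ASN.1 structure of DigestInfo fails the comparison.
function emIsValid(em, digest, keyBytes) {
  const want = expectedEM(digest, keyBytes);
  return em.length === want.length && Buffer.from(em).equals(want);
}

// Constructed inputs: a stand-in digest and three decoded messages.
function demo() {
  const keyBytes = 256;                    // 2048-bit modulus (assumption)
  const digest = Buffer.alloc(32, 0xab);   // constructed, not a real hash
  const wellFormed = expectedEM(digest, keyBytes);

  // Same digest, but the inner AlgorithmIdentifier tag is SET (0x31)
  // instead of SEQUENCE (0x30): invalid structure, valid digest.
  const badStructure = Buffer.from(wellFormed);
  badStructure[keyBytes - 51 + 2] = 0x31;

  return {
    wellFormed: emIsValid(wellFormed, digest, keyBytes),
    badStructure: emIsValid(badStructure, digest, keyBytes),
    wrongDigest: emIsValid(wellFormed, Buffer.alloc(32, 0xcd), keyBytes),
  };
}

console.log(demo());
```
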
Patches
The issue has been addressed in node-forge 1.3.0.
For more information
If you have any questions or comments about this advisory:
- Open an issue in forge
- Email us at example email address
EPSS Score: 0.00098 (0.418)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Verification of Cryptographic Signature
ADVISORY - github
Improper Verification of Cryptographic Signature
ADVISORY - gitlab
ADVISORY - redhat
Improper Verification of Cryptographic Signature
NIST
CREATED
UPDATED
ADVISORY ID
CVE-2022-24773
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
GitHub
CREATED
UPDATED
ADVISORY ID
GHSA-2r2c-g63r-vccr
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
Debian
CREATED
UPDATED
ADVISORY ID
CVE-2022-24773
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
Ubuntu
CREATED
UPDATED
ADVISORY ID
CVE-2022-24773
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
Red Hat
CREATED
UPDATED
ADVISORY ID
CVE-2022-24773
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)