CVE-2022-24771

ADVISORY - github

Summary

Impact

RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used.

Patches

The issue has been addressed in node-forge 1.3.0.

References

For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.

For more information

If you have any questions or comments about this advisory:

Open an issue in forge
Email us at example email address

EPSS Score⁠: 0.00062 (0.279)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-347⁠

Improper Verification of Cryptographic Signature

ADVISORY - github

CWE-347⁠

Improper Verification of Cryptographic Signature

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-347⁠

Improper Verification of Cryptographic Signature

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-347⁠

Improper Verification of Cryptographic Signature

Impacted images

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.