CVE-2022-24884 Trivial signature forgery in ecdsautils

2022-05-0523:50:10

CWE-347

GitHub_M

www.cve.org

ecdsautils

ecdsa_verify_legacy

signature forgery

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

8.8

Confidence

High

EPSS

0.006

Percentile

77.9%

JSON

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). ecdsa_verify_[prepare_]legacy() does not check whether the signature values r and s are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: ecdsa_verify_list_legacy() will accept an arbitrary number of such forged signatures. Both the ecdsautil verify CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.

CNA Affected

[
  {
    "product": "ecdsautils",
    "vendor": "freifunk-gluon",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.4.1"
      }
    ]
  }
]