Lucene search
GoogleOSV:GHSA-2R2C-G63R-VCCRHistoryMar 18, 2022 - 11:10 p.m.
Improper Verification of Cryptographic Signature in `node-forge`
2022-03-1823:10:48
Google
osv.dev
19
rsa pkcs#1
`node-forge`
`digestinfo`
`asn.1 structure`
patched
advisory
security issue
EPSS
0.001
Percentile
35.9%
Impact
RSA PKCS#1 v1.5 signature verification code is not properly checking DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
Patches
The issue has been addressed in node-forge 1.3.0.
For more information
If you have any questions or comments about this advisory:
- Open an issue in forge
- Email us at example email address
References
Related
prion
prion
Design/Logic Flaw
2022-03-18 14:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-24773
2022-03-18 14:15:10
ibm
ibm
veracode
veracode
Insecure Cryptography
2022-03-21 12:01:43
cve
cve
CVE-2022-24773
2022-03-18 14:15:10
debiancve
debiancve
CVE-2022-24773
2022-03-18 14:15:10
redhatcve
redhatcve
CVE-2022-24773
2022-03-23 21:03:43
ubuntucve
ubuntucve
CVE-2022-24773
2022-03-18 00:00:00
github
github
Improper Verification of Cryptographic Signature in `node-forge`
2022-03-18 23:10:48
osv
osv
CVE-2022-24773
2022-03-18 14:15:10
nessus
nessus
RHEL 8 : pcs (Unpatched Vulnerability)
2024-06-03 00:00:00
redhat
redhat