CVE-2023-49087 Validation of SignedInfo

2023-11-3005:20:28

CWE-345

GitHub_M

www.cve.org

xml signatures

encryption

validation

hash value

digestvalue

cryptographic signature

signedinfo

canonicalization function

php bug

forge

patch

version 1.6.12

version 5.0.0-alpha.13

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS

0.001

Percentile

17.8%

JSON

xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree (the one that contains the DigestValue) verifies and matches a trusted public key. If an attacker somehow (i.e. by exploiting a bug in PHP’s canonicalization function) manages to manipulate the canonicalized version’s DigestValue, it would be possible to forge the signature. This issue has been patched in version 1.6.12 and 5.0.0-alpha.13.

CNA Affected

[
  {
    "vendor": "simplesamlphp",
    "product": "xml-security",
    "versions": [
      {
        "version": "= 1.6.11",
        "status": "affected"
      },
      {
        "version": "= 5.0.0-alpha.12",
        "status": "affected"
      }
    ]
  }
]