Lucene search
GoogleOSV:GHSA-785H-HRF7-GQXCHistoryMay 14, 2022 - 3:28 a.m.
Docker Notary Signature Algorithm Not Matched to Key vulnerability
2022-05-1403:28:46
Google
osv.dev
2
0.001 Low
EPSS
Percentile
37.5%
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/docker/notary | lt | 0.1.0 |
Related
prion
prion
Code injection
2018-03-31 21:29:00
cvelist
cvelist
CVE-2015-9258
2018-03-31 21:00:00
nvd
nvd
CVE-2015-9258
2018-03-31 21:29:00
github
github
Docker Notary Signature Algorithm Not Matched to Key vulnerability
2022-05-14 03:28:46
cve
cve
CVE-2015-9258
2018-03-31 21:29:00
ubuntucve
ubuntucve
CVE-2015-9258
2018-03-31 00:00:00
debiancve
debiancve
CVE-2015-9258
2018-03-31 21:29:00
veracode
veracode
Signature Algorithm Not Verified
2018-04-02 05:29:04