3 matches found
CVE-2026-33894 Forge has signature forgery in RSA-PKCS due to ASN.1 extra field
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...
CVE-2026-33894 Forge has signature forgery in RSA-PKCS due to ASN.1 extra field
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...
GHSA-PPP5-5V6C-4JWP Forge has signature forgery in RSA-PKCS due to ASN.1 extra field
Summary RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This...