2 matches found
CVE-2015-9258
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...
CVE-2015-9258
CVE-2015-9258 concerns Docker Notary prior to 0.1. The vulnerability lies in gotuf/signed/verify.go where the Signature Algorithm Not Matched to Key allows an attacker who controls the signature-algorithm field to forge a signature by forcing RSA-PSS key data to be interpreted as Ed25519 elliptic...