Lucene search
K

26 matches found

EUVD
EUVD
added 2026/02/25 6:26 p.m.6 views

EUVD-2026-8679

ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS1 v1.5 Padding Validation...

6.9CVSS5.3AI score0.00177EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/25 6:26 p.m.10 views

ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Impact The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...

7.5CVSS5.4AI score0.00177EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/02/25 3:47 p.m.22 views

CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

6.9CVSS0.00177EPSS
Exploits0References3
CVE
CVE
added 2026/02/25 3:47 p.m.12 views

CVE-2026-22866

The CVE-2026-22866 entry describes a Bleichenbacher-style RSA signature forgery flaw in Ethereum Name Service (ENS) DNSSEC tooling. In ENS v1.6.2 and earlier, RSASHA256Algorithm and RSASHA1Algorithm do not validate PKCS#1 v1.5 padding correctly and only compare the trailing 32 (or 20) bytes of th...

7.5CVSS5.5AI score0.00177EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:47 p.m.5 views

CVE-2026-22866

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

7.5CVSS5.5AI score0.00177EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-21935

Name of the Vulnerable Software and Affected Versions Ethereum Name Service ENS versions 1.6.2 and prior Description The RSASHA256Algorithm and RSASHA1Algorithm contracts do not properly validate PKCS1 v1.5 padding when verifying RSA signatures. The contracts only verify the final 32 or 20 bytes ...

7.5CVSS5.9AI score0.00177EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.3 views

SUSE CVE-2006-4340

Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

4CVSS7.7AI score0.02145EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.3 views

SUSE CVE-2006-5462

Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

6.4CVSS8.8AI score0.02633EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2020/09/25 12:0 a.m.5 views

Multiple packages on Sun Solaris including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier SDK and JRE 1.4.x up to 1.4.2_12 and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice when using an RSA key with exponent 3 removes PKCS-1 padding before generating a hash which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

...

4CVSS7AI score0.03078EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2008/08/13 2:16 p.m.5 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS7AI score0.04894EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/06/30 3:36 p.m.4 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS7AI score0.04894EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/05/20 2:15 p.m.5 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS7AI score0.04894EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/02/09 4:23 p.m.2 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS6.8AI score0.04894EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/02/07 7:57 p.m.4 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS6.8AI score0.04894EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/01/24 12:0 a.m.5 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS6.8AI score0.04894EPSS
Exploits1References4
OSV
OSV
added 2006/11/08 9:7 p.m.1 views

DEBIAN-CVE-2006-5462

Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

6.4CVSS7AI score0.02633EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2006/11/08 9:45 a.m.3 views

security flaw

Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

6.4CVSS6.2AI score0.02633EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2006/11/08 8:46 a.m.2 views

security flaw

Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

6.4CVSS6.2AI score0.02633EPSS
Exploits0References4
Opera Security Advisories
Opera Security Advisories
added 2006/09/21 12:0 a.m.9 views

A forged SSL server certificate can be accepted by Opera as a valid certificate – Opera Security Advisories

A forged SSL server certificate can be accepted by Opera as a valid certificate – Opera Security Advisories OPCOM Team | September 21, 2006 Summary: A forged SSL server certificate can be accepted by Opera as a valid certificate. Severity: Highly critical Vulnerable versions: Opera for desktop...

5.7AI score
Exploits0References1
OSV
OSV
added 2006/09/15 6:7 p.m.2 views

DEBIAN-CVE-2006-4340

Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

4CVSS7.1AI score0.02145EPSS
Exploits0References1
Rows per page
Query Builder