7 matches found
EUVD-2022-1576
Malicious code in bioql PyPI...
CVE-2020-36316
In RELIC before 2021-04-03, there is a buffer overflow in PKCS1 v1.5 signature verification because garbage bytes can be present...
node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...
node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...
Improper Verification of Cryptographic Signature in node-forge
Impact: RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. Patches: The issue has been...
CVE-2022-24772
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed an...
CVE-2020-36316
In RELIC before 2021-04-03, there is a buffer overflow in PKCS1 v1.5 signature verification because garbage bytes can be present...