233 matches found
Code injection
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...
CVE-2022-24771
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...
UBUNTU-CVE-2022-24771
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...
UBUNTU-CVE-2022-24772
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed an...
Code injection
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed an...
CVE-2022-24772
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed an...
CVE-2022-24772
CVE-2022-24772 is a vulnerability in Forge/node-forge where RSA PKCS#1 v1.5 signature verification does not check for trailing garbage after decoding a DigestInfo, enabling signature forging when a low exponent is used. The issue has a fixed remedy in node-forge version 1.3.0. Connected sources c...
CVE-2022-24773
Technical details about CVE-2022-24773 (affected products/versions, root cause, impact, and fixes) are not provided in the connected documents. Monitor for updates from the vendor/CNA disclosures to obtain concrete information.
CVE-2022-24773
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that...
CVE-2022-24773 Improper Verification of Cryptographic Signature in `node-forge`
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that...
CVE-2022-24771 Improper Verification of Cryptographic Signature in node-forge
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...
CVE-2022-24771
CVE-2022-24771 affects Forge (node-forge). Prior to 1.3.0, RSA PKCS#1 v1.5 signature verification is lenient, allowing a crafted DigestInfo structure to steal padding bytes and forge a signature when a low public exponent is used. The issue is fixed in node-forge 1.3.0. Practical impact, as state...
CVE-2022-24771
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...
PT-2022-16868
Name of the Vulnerable Software and Affected Versions: node-forge versions prior to 1.3.0. Description: The issue concerns the RSA PKCS1 v1.5 signature verification code in node-forge, which does not check for trailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding...
Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager
Summary: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager. Vulnerability Details: Third Party Entry: 217313. DESCRIPTION: Nodejs node-forge module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a prototype...
Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager
Summary: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager. Vulnerability Details: CVEID: CVE-2022-0122. DESCRIPTION: Node.js node-forge could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...
Security Bulletin: IBM App Connect Enterprise Certified Container Designer flows containing GMail connectors may be vulnerable to URL redirection to untrusted sites due to CVE-2022-0122
Summary: The Node.js module node-forge is used internally by the GMail connector, both as an action connector and an event connector. IBM App Connect Enterprise Certified Container Designer flows containing GMail connectors may be vulnerable to URL redirection to untrusted sites. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container Designer flows containing GMail connectors may be vulnerable to remote code execution due to GHSA-5rrq-pxf6-6jx5 in node-forge
Summary: The Node.js module node-forge is used internally by the GMail connector, both as an action connector and an event connector. IBM App Connect Enterprise Certified Container Designer flows containing GMail connectors may be vulnerable to remote code execution due to GHSA-5rrq-pxf6-6jx5. This...