9 matches found
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
...
SUSE CVE-2018-15836
In verifysignedhash in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2...
CVE-2018-16151
In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...
python-rsa: signature forgery
The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...
python2-rsa: signature forgery
The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...
CVE-2016-1494
The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...
PYSEC-2016-10
The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...
CVE-2016-1494
The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...
CVE-2016-1494
The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...