Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1128 vulnerabilities reference this CWE, most recent first.

GHSA-4VHJ-98R6-424H

Vulnerability from github – Published: 2018-10-17 16:23 – Updated: 2025-09-12 19:27
VLAI
Summary
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
Details

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk14"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.38"
            },
            {
              "fixed": "1.56"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk15"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.38"
            },
            {
              "fixed": "1.56"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk15on"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.38"
            },
            {
              "fixed": "1.56"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-1000338"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:59:18Z",
    "nvd_published_at": "2018-06-01T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of \u0027invisible\u0027 data into a signed structure.",
  "id": "GHSA-4vhj-98r6-424h",
  "modified": "2025-09-12T19:27:36Z",
  "published": "2018-10-17T16:23:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000338"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2927"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bcgit/bc-java"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231006-0011"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3727-1"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate"
}

GHSA-4VQC-WPWG-VH7J

Vulnerability from github – Published: 2026-06-04 17:36 – Updated: 2026-06-04 17:36
VLAI
Summary
kas's late signature validation may allow unnoticed repository manipulations
Details

Impact

So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions.

First of all, the attacker must have gained control of a repository that a kas file of the victim is referencing. Furthermore, the following conditions must be fulfilled: - the victim's kas configuration must include a configuration file from the attacked repository - the repository state is referenced by tag, and no commit ID is specified (this is triggering a warning, though) - the key used for validating the tag or commit signature is stored as file in a repository - no fingerprint for the key is specified - the _source_dir key must not be set by the victim when calling kas (e.g. by avoiding a local .config.yaml)

Given these conditions, the attacker could modify the included kas configuration in way that the key used to validate the tag signature of the attacker's repository could be replaced by an attacker-chosen key.

No other exploit possibilities have been identified so far, but this does not rule out that those may exist.

Patches

The vulnerability was introduced with a2480fe59b6421eb96cf3bd86527ae6e412a331e, commit https://github.com/siemens/kas/commit/5b2114becfc154b16ef496d24f8c2191a2297f57 is resolving this issue. A misuse of _source_dir is resolved by commit https://github.com/siemens/kas/commit/c443c0a1fd0f9bd6a689a44d95a252085fc6da88. Shadowing a commit by a branch of the same name is described in advisory https://github.com/siemens/kas/security/advisories/GHSA-qjwp-hrq6-r26r and is addressed by commit https://github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5. All patches have been released along with kas version 5.3.

Workarounds

Pin the expected signature key via its fingerprint, also when storing it as file in a repository.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "kas"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.8"
            },
            {
              "fixed": "5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-47192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-04T17:36:03Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\nSo far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions.\n\nFirst of all, the attacker must have gained control of a repository that a kas file of the victim is referencing. Furthermore, the following conditions must be fulfilled:\n - the victim\u0027s kas configuration must include a configuration file from the attacked repository\n - the repository state is referenced by tag, and no commit ID is specified (this is triggering a warning, though)\n - the key used for validating the tag or commit signature is stored as file in a repository\n - no fingerprint for the key is specified\n - the  `_source_dir` key must not be set by the victim when calling kas (e.g. by avoiding a local `.config.yaml`)\n\nGiven these conditions, the attacker could modify the included kas configuration in way that the key used to validate the tag signature of the attacker\u0027s repository could be replaced by an attacker-chosen key.\n\nNo other exploit possibilities have been identified so far, but this does not rule out that those may exist.\n\n### Patches\nThe vulnerability was introduced with a2480fe59b6421eb96cf3bd86527ae6e412a331e, commit https://github.com/siemens/kas/commit/5b2114becfc154b16ef496d24f8c2191a2297f57 is resolving this issue. A misuse of `_source_dir` is resolved by commit https://github.com/siemens/kas/commit/c443c0a1fd0f9bd6a689a44d95a252085fc6da88. Shadowing a commit by a branch of the same name is described in advisory https://github.com/siemens/kas/security/advisories/GHSA-qjwp-hrq6-r26r and is addressed by commit https://github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5. All patches have been released along with kas version 5.3.\n\n### Workarounds\nPin the expected signature key via its fingerprint, also when storing it as file in a repository.",
  "id": "GHSA-4vqc-wpwg-vh7j",
  "modified": "2026-06-04T17:36:03Z",
  "published": "2026-06-04T17:36:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/siemens/kas/security/advisories/GHSA-4vqc-wpwg-vh7j"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siemens/kas/security/advisories/GHSA-qjwp-hrq6-r26r"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/siemens/kas/commit/5b2114becfc154b16ef496d24f8c2191a2297f57"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/siemens/kas"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "kas\u0027s late signature validation may allow unnoticed repository manipulations"
}

GHSA-4W9G-4H2X-7QXQ

Vulnerability from github – Published: 2025-04-18 21:31 – Updated: 2025-04-18 21:31
VLAI
Details

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43903"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-18T21:15:44Z",
    "severity": "MODERATE"
  },
  "details": "NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.",
  "id": "GHSA-4w9g-4h2x-7qxq",
  "modified": "2025-04-18T21:31:21Z",
  "published": "2025-04-18T21:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43903"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4WHM-CVQV-V84Q

Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details

Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-04T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-4whm-cvqv-v84q",
  "modified": "2022-05-24T17:40:59Z",
  "published": "2022-05-24T17:40:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1244"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4WX6-WJ3Q-MF77

Vulnerability from github – Published: 2026-03-03 12:31 – Updated: 2026-03-03 12:31
VLAI
Details

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345",
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-03T10:16:05Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.",
  "id": "GHSA-4wx6-wj3q-mf77",
  "modified": "2026-03-03T12:31:27Z",
  "published": "2026-03-03T12:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15598"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verification-Bypass.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.348292"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.348292"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.707291"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-4XR6-9WFX-7QVW

Vulnerability from github – Published: 2025-12-11 18:30 – Updated: 2025-12-11 18:30
VLAI
Details

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-11T16:16:27Z",
    "severity": "MODERATE"
  },
  "details": "Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.",
  "id": "GHSA-4xr6-9wfx-7qvw",
  "modified": "2025-12-11T18:30:44Z",
  "published": "2025-12-11T18:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59803"
    },
    {
      "type": "WEB",
      "url": "https://www.foxit.com/support/security-bulletins.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4XX7-2CX3-X473

Vulnerability from github – Published: 2024-09-19 18:30 – Updated: 2024-12-20 17:48
VLAI
Summary
Duplicate Advisory: Keycloak SAML signature validation flaw
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xgfv-xpx8-qhcr. This link is maintained to preserve external references.

Original Description

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-saml-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "25.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-19T19:48:27Z",
    "nvd_published_at": "2024-09-19T16:15:06Z",
    "severity": "MODERATE"
  },
  "details": "# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xgfv-xpx8-qhcr. This link is maintained to preserve external references.\n\n# Original Description\n\nA flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.",
  "id": "GHSA-4xx7-2cx3-x473",
  "modified": "2024-12-20T17:48:24Z",
  "published": "2024-09-19T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8698"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311641"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-8698"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:8826"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:8824"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:8823"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6890"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6889"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6888"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6887"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6886"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6882"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6880"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6879"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6878"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: Keycloak SAML signature validation flaw",
  "withdrawn": "2024-12-20T17:48:24Z"
}

GHSA-522R-9946-FW43

Vulnerability from github – Published: 2025-08-06 09:30 – Updated: 2025-08-06 17:39
VLAI
Summary
Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-2x5j-vhc8-9cwm. This link is maintained to preserve external references.

Original Description

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cloudflare/circl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-06T17:39:16Z",
    "nvd_published_at": "2025-08-06T09:15:28Z",
    "severity": "LOW"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2x5j-vhc8-9cwm. This link is maintained to preserve external references.\n\n## Original Description\n\nA flaw was found in CIRCL\u0027s implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.",
  "id": "GHSA-522r-9946-fw43",
  "modified": "2025-08-06T17:39:16Z",
  "published": "2025-08-06T09:30:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8556"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-8556"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371624"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cloudflare/circl"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudflare/circl/tree/v1.6.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results",
  "withdrawn": "2025-08-06T17:39:16Z"
}

GHSA-523F-8C6H-PJ8G

Vulnerability from github – Published: 2022-08-20 00:00 – Updated: 2022-08-25 00:00
VLAI
Details

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-19T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Emerson Electric\u0027s Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).",
  "id": "GHSA-523f-8c6h-pj8g",
  "modified": "2022-08-25T00:00:26Z",
  "published": "2022-08-20T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2790"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-52F2-92W4-MX97

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-19T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.",
  "id": "GHSA-52f2-92w4-mx97",
  "modified": "2022-05-24T17:18:07Z",
  "published": "2022-05-24T17:18:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12244"
    },
    {
      "type": "WEB",
      "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4691"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/05/19/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.