Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1128 vulnerabilities reference this CWE, most recent first.

GHSA-5PXH-5P72-WVCM

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04
VLAI
Details

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-04T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.",
  "id": "GHSA-5pxh-5p72-wvcm",
  "modified": "2022-05-24T19:04:06Z",
  "published": "2022-05-24T19:04:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28091"
    },
    {
      "type": "WEB",
      "url": "https://git.entrouvert.org/lasso.git/commit/?id=076a37d7f0eb74001127481da2d355683693cde9"
    },
    {
      "type": "WEB",
      "url": "https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SI4YAQF4VEV2KHQ6OXXZL7CJK7IZQ3EG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSVWOHBBWLI2RB5C6TXINFEJRT4YSD3D"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4926"
    },
    {
      "type": "WEB",
      "url": "http://listes.entrouvert.com/arc/lasso"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5Q2R-92F9-4M49

Vulnerability from github – Published: 2021-08-25 20:56 – Updated: 2021-10-27 17:03
VLAI
Summary
Improper verification of signature threshold in tough
Details

Impact

The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum threshold of unique keys before the metadata is considered valid.

AWS would like to thank Erick Tryzelaar of the Google Fuchsia Team for reporting this issue.

Patches

A fix is available in version 0.7.1.

Workarounds

No workarounds to this issue are known.

References

CVE-2020-6174 is assigned to the same issue in the TUF reference implementation.

https://github.com/theupdateframework/tuf/pull/974 https://nvd.nist.gov/vuln/detail/CVE-2020-6174

For more information

If you have any questions or comments about this advisory, contact AWS Security at aws-security@amazon.com.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "tough"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15093"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-18T20:40:25Z",
    "nvd_published_at": "2020-07-09T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "## Impact\n\nThe tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum threshold of unique keys before the metadata is considered valid.\n\nAWS would like to thank Erick Tryzelaar of the Google Fuchsia Team for reporting this issue. \n\n## Patches\n\nA fix is available in version 0.7.1.\n\n## Workarounds\n\nNo workarounds to this issue are known.\n\n## References\n\nCVE-2020-6174 is assigned to the same issue in the TUF reference implementation.\n\nhttps://github.com/theupdateframework/tuf/pull/974\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6174\n\n## For more information\n\nIf you have any questions or comments about this advisory, [contact AWS Security](https://aws.amazon.com/security/vulnerability-reporting/) at [aws-security@amazon.com](mailto:aws-security@amazon.com).",
  "id": "GHSA-5q2r-92f9-4m49",
  "modified": "2021-10-27T17:03:38Z",
  "published": "2021-08-25T20:56:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/awslabs/tough/security/advisories/GHSA-5q2r-92f9-4m49"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15093"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theupdateframework/tuf/pull/974"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theupdateframework/tuf/commit/2977188139d065ff3356c3cb4aec60c582b57e0e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/awslabs/tough"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0024.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper verification of signature threshold in tough"
}

GHSA-5RC8-V3HV-CQCG

Vulnerability from github – Published: 2023-02-28 18:30 – Updated: 2023-03-06 21:30
VLAI
Details

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-28T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041",
  "id": "GHSA-5rc8-v3hv-cqcg",
  "modified": "2023-03-06T21:30:19Z",
  "published": "2023-02-28T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20940"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2023-02-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5RH9-JC57-95MR

Vulnerability from github – Published: 2024-01-31 21:31 – Updated: 2026-01-15 18:31
VLAI
Details

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory.  If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21917"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-31T19:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability exists in Rockwell Automation FactoryTalk\u00ae Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. \u00a0If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.",
  "id": "GHSA-5rh9-jc57-95mr",
  "modified": "2026-01-15T18:31:25Z",
  "published": "2024-01-31T21:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21917"
    },
    {
      "type": "WEB",
      "url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html"
    },
    {
      "type": "WEB",
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1660.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5RHG-XHGR-5HFJ

Vulnerability from github – Published: 2022-12-28 03:30 – Updated: 2025-04-11 23:46
VLAI
Summary
go-saml's XML Digital Signatures use SHA-1
Details

XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/RobotsAndPencils/go-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.0-20170520135329-fb13cb52a46b"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-36563"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T19:48:02Z",
    "nvd_published_at": "2022-12-28T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.",
  "id": "GHSA-5rhg-xhgr-5hfj",
  "modified": "2025-04-11T23:46:44Z",
  "published": "2022-12-28T03:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36563"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RobotsAndPencils/go-saml/pull/38"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RobotsAndPencils/go-saml/commit/4a1b1f5752a029e171965e0510a425d0fdd1eced"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/RobotsAndPencils/go-saml"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2020-0047"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "go-saml\u0027s XML Digital Signatures use SHA-1"
}

GHSA-5RHM-55RH-PVVP

Vulnerability from github – Published: 2022-05-14 03:46 – Updated: 2025-04-20 03:48
VLAI
Details

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-16T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.",
  "id": "GHSA-5rhm-55rh-pvvp",
  "modified": "2025-04-20T03:48:33Z",
  "published": "2022-05-14T03:46:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16852"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/881857"
    },
    {
      "type": "WEB",
      "url": "https://git.shibboleth.net/view/?p=cpp-sp.git%3Ba=commit%3Bh=b66cceb0e992c351ad5e2c665229ede82f261b16"
    },
    {
      "type": "WEB",
      "url": "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://shibboleth.net/community/advisories/secadv_20171115.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-4038"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5VFQ-RV44-C5FF

Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2025-05-28 18:33
VLAI
Details

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-38177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-21T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
  "id": "GHSA-5vfq-rv44-c5ff",
  "modified": "2025-05-28T18:33:05Z",
  "published": "2022-09-22T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38177"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/docs/cve-2022-38177"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202210-25"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20221228-0010"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5235"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5VHG-9XG4-CV9M

Vulnerability from github – Published: 2025-06-30 17:44 – Updated: 2025-07-01 13:13
VLAI
Summary
tiny-secp256k1 allows for verify() bypass when running in bundled environment
Details

Summary

A malicious JSON-stringifyable message can be made passing on verify(), when global Buffer is buffer package

Details

This affects only environments where require('buffer') is https://npmjs.com/buffer E.g.: browser bundles, React Native apps, etc.

Buffer.isBuffer check can be bypassed, resulting in strange objects being accepted as message, and those messages could trick verify() into returning false-positive true values

v2.x is unaffected as it verifies input to be an actual Uint8Array instance

Such a message can be constructed for any already known message/signature pair There are some restrictions though (also depending on the known message/signature), but not very limiting, see PoC for example

https://github.com/bitcoinjs/tiny-secp256k1/pull/140 is a subtle fix for this

PoC

This code deliberately doesn't provide reencode for now, could be updated later

import { randomBytes } from 'crypto'
import tiny from 'tiny-secp256k1' // 1.1.6

// Random keypair
const privateKey = randomBytes(32)
const publicKey = tiny.pointFromScalar(privateKey)

const valid = Buffer.alloc(32).fill(255) // let's sign a static buffer
const signature = tiny.sign(valid, privateKey)

// Prevent processing any unverified data by fail-closed throwing
function verified(data, signature) {
  if (!Buffer.isBuffer(data)) data = Buffer.from(data, 'hex')
  if (!tiny.verify(data, publicKey, signature)) throw new Error('Signature invalid!')
  return new Uint8Array(data)
}

function safeProcess(payload) {
  const totally = JSON.parse(payload) // e.g. json over network

  const message = verified(totally, signature)
  console.log(message instanceof Uint8Array)
  console.log(Buffer.from(message).toString('utf8'))  
}

const payload = reencode(valid, "Secure contain protect")
safeProcess(payload)

Output (after being bundled):

true
Secure contain protect����

Impact

Malicious messages could crafted to be verified from a given known valid message/signature pair

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.1.6"
      },
      "package": {
        "ecosystem": "npm",
        "name": "tiny-secp256k1"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-49365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-30T17:44:14Z",
    "nvd_published_at": "2025-07-01T03:15:21Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nA malicious JSON-stringifyable message can be made passing on `verify()`, when global Buffer is [`buffer` package](https://www.npmjs.com/package/buffer)\n\n### Details\n\nThis affects only environments where `require(\u0027buffer\u0027)` is \u003chttps://npmjs.com/buffer\u003e\nE.g.: browser bundles, React Native apps, etc.\n\n`Buffer.isBuffer` check can be bypassed, resulting in strange objects being accepted as `message`, and those messages could trick `verify()` into returning false-positive `true` values\n\nv2.x is unaffected as it verifies input to be an actual `Uint8Array` instance\n\nSuch a message can be constructed for any already known message/signature pair\nThere are some restrictions though (also depending on the known message/signature), but not very limiting, see PoC for example\n\nhttps://github.com/bitcoinjs/tiny-secp256k1/pull/140 is a subtle fix for this\n\n### PoC\n\nThis code deliberately doesn\u0027t provide `reencode` for now, could be updated later\n\n```js\nimport { randomBytes } from \u0027crypto\u0027\nimport tiny from \u0027tiny-secp256k1\u0027 // 1.1.6\n\n// Random keypair\nconst privateKey = randomBytes(32)\nconst publicKey = tiny.pointFromScalar(privateKey)\n\nconst valid = Buffer.alloc(32).fill(255) // let\u0027s sign a static buffer\nconst signature = tiny.sign(valid, privateKey)\n\n// Prevent processing any unverified data by fail-closed throwing\nfunction verified(data, signature) {\n  if (!Buffer.isBuffer(data)) data = Buffer.from(data, \u0027hex\u0027)\n  if (!tiny.verify(data, publicKey, signature)) throw new Error(\u0027Signature invalid!\u0027)\n  return new Uint8Array(data)\n}\n\nfunction safeProcess(payload) {\n  const totally = JSON.parse(payload) // e.g. json over network\n\n  const message = verified(totally, signature)\n  console.log(message instanceof Uint8Array)\n  console.log(Buffer.from(message).toString(\u0027utf8\u0027))  \n}\n\nconst payload = reencode(valid, \"Secure contain protect\")\nsafeProcess(payload)\n```\n\nOutput (after being bundled):\n```console\ntrue\nSecure contain protect\ufffd\ufffd\ufffd\ufffd\n```\n\n### Impact\n\nMalicious messages could crafted to be verified from a given known valid message/signature pair",
  "id": "GHSA-5vhg-9xg4-cv9m",
  "modified": "2025-07-01T13:13:38Z",
  "published": "2025-06-30T17:44:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-5vhg-9xg4-cv9m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49365"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bitcoinjs/tiny-secp256k1/pull/140"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bitcoinjs/tiny-secp256k1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "tiny-secp256k1 allows for verify() bypass when running in bundled environment"
}

GHSA-5W25-HXP5-H8C9

Vulnerability from github – Published: 2021-06-21 17:12 – Updated: 2026-01-23 22:42
VLAI
Summary
Duplicate Advisory: Improper Verification of Cryptographic Signature
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-7r96-8g3x-g36m. This link is maintained to preserve external references.

Original Description

tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In tenvoy.js under the verifyWithMessage method definition within the tEnvoyNaClSigningKey class, ensure that the return statement call to this.verify ends in .verified.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "tenvoy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-17T18:47:52Z",
    "nvd_published_at": "2021-06-16T01:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-7r96-8g3x-g36m. This link is maintained to preserve external references.\n\n## Original Description\ntEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`.",
  "id": "GHSA-5w25-hxp5-h8c9",
  "modified": "2026-01-23T22:42:00Z",
  "published": "2021-06-21T17:12:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TogaTech/tEnvoy/security/advisories/GHSA-7r96-8g3x-g36m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32685"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TogaTech/tEnvoy/commit/a121b34a45e289d775c62e58841522891dee686b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TogaTech/tEnvoy/releases/tag/v7.0.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: Improper Verification of Cryptographic Signature",
  "withdrawn": "2026-01-23T22:42:00Z"
}

GHSA-5WJQ-9MM7-CCM8

Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI
Details

A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-13T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions \u003c V6.0.9), SIMATIC S7-410 (All versions \u003c V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",
  "id": "GHSA-5wjq-9mm7-ccm8",
  "modified": "2022-05-13T01:16:11Z",
  "published": "2022-05-13T01:16:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16557"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.