CWE-354
AllowedImproper Validation of Integrity Check Value
Abstraction: Base · Status: Draft
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
231 vulnerabilities reference this CWE, most recent first.
GHSA-GRGJ-CVFC-46JG
Vulnerability from github – Published: 2022-04-22 00:00 – Updated: 2022-05-04 00:00Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected.
{
"affected": [],
"aliases": [
"CVE-2020-14120"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-21T18:15:00Z",
"severity": "HIGH"
},
"details": "Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected.",
"id": "GHSA-grgj-cvfc-46jg",
"modified": "2022-05-04T00:00:39Z",
"published": "2022-04-22T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14120"
},
{
"type": "WEB",
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=145"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GRQR-7R74-RG37
Vulnerability from github – Published: 2022-06-30 00:00 – Updated: 2024-11-04 18:31In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
{
"affected": [],
"aliases": [
"CVE-2022-31266"
],
"database_specific": {
"cwe_ids": [
"CWE-306",
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-29T01:15:00Z",
"severity": "CRITICAL"
},
"details": "In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.",
"id": "GHSA-grqr-7r74-rg37",
"modified": "2024-11-04T18:31:16Z",
"published": "2022-06-30T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31266"
},
{
"type": "WEB",
"url": "https://medium.com/%40bcksec/in-ilias-through-7-10-620c0de685ee"
},
{
"type": "WEB",
"url": "https://medium.com/@bcksec/in-ilias-through-7-10-620c0de685ee"
},
{
"type": "WEB",
"url": "https://www.bcksec.com/services"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H3QC-9GQR-5PWM
Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-20 00:00Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction.
{
"affected": [],
"aliases": [
"CVE-2022-33711"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-12T14:15:00Z",
"severity": "MODERATE"
},
"details": "Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction.",
"id": "GHSA-h3qc-9gqr-5pwm",
"modified": "2022-07-20T00:00:23Z",
"published": "2022-07-13T00:01:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33711"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H44P-CMMG-HCP9
Vulnerability from github – Published: 2022-06-07 00:00 – Updated: 2022-06-14 00:00In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894.
{
"affected": [],
"aliases": [
"CVE-2022-21757"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-06T18:15:00Z",
"severity": "HIGH"
},
"details": "In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894.",
"id": "GHSA-h44p-cmmg-hcp9",
"modified": "2022-06-14T00:00:25Z",
"published": "2022-06-07T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21757"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/June-2022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H6P5-XFHF-88H8
Vulnerability from github – Published: 2023-10-19 12:30 – Updated: 2024-04-04 08:47Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.
{
"affected": [],
"aliases": [
"CVE-2022-24404"
],
"database_specific": {
"cwe_ids": [
"CWE-353",
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-19T10:15:09Z",
"severity": "HIGH"
},
"details": "Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.",
"id": "GHSA-h6p5-xfhf-88h8",
"modified": "2024-04-04T08:47:17Z",
"published": "2023-10-19T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24404"
},
{
"type": "WEB",
"url": "https://tetraburst.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-H75X-VHRR-WJRQ
Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-19 00:01The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.
{
"affected": [],
"aliases": [
"CVE-2022-22253"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-11T20:15:00Z",
"severity": "HIGH"
},
"details": "The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.",
"id": "GHSA-h75x-vhrr-wjrq",
"modified": "2022-04-19T00:01:20Z",
"published": "2022-04-12T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22253"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/4"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H8QW-575Q-G9C5
Vulnerability from github – Published: 2023-05-24 18:30 – Updated: 2024-04-04 04:19Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.
{
"affected": [],
"aliases": [
"CVE-2023-33981"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-24T18:15:10Z",
"severity": "MODERATE"
},
"details": "Briar before 1.4.22 allows attackers to spoof other users\u0027 messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.",
"id": "GHSA-h8qw-575q-g9c5",
"modified": "2024-04-04T04:19:48Z",
"published": "2023-05-24T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33981"
},
{
"type": "WEB",
"url": "https://briarproject.org/news/2023-three-security-issues-found-and-fixed"
},
{
"type": "WEB",
"url": "https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HCMW-22RW-4V9J
Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2021-12-18 00:01An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content.
{
"affected": [],
"aliases": [
"CVE-2021-41067"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T16:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content.",
"id": "GHSA-hcmw-22rw-4v9j",
"modified": "2021-12-18T00:01:57Z",
"published": "2021-12-15T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41067"
},
{
"type": "WEB",
"url": "https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e"
},
{
"type": "WEB",
"url": "https://www.listary.com/download"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HFCW-9CJP-85W4
Vulnerability from github – Published: 2024-11-06 03:35 – Updated: 2024-11-06 03:35Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-49406"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-06T03:15:05Z",
"severity": "MODERATE"
},
"details": "Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.",
"id": "GHSA-hfcw-9cjp-85w4",
"modified": "2024-11-06T03:35:09Z",
"published": "2024-11-06T03:35:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49406"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024\u0026month=11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HFX2-WGXQ-FP88
Vulnerability from github – Published: 2024-02-09 12:30 – Updated: 2024-02-15 21:31In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
{
"affected": [],
"aliases": [
"CVE-2024-25678"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-09T10:15:08Z",
"severity": "CRITICAL"
},
"details": "In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.",
"id": "GHSA-hfx2-wgxq-fp88",
"modified": "2024-02-15T21:31:27Z",
"published": "2024-02-09T12:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25678"
},
{
"type": "WEB",
"url": "https://github.com/litespeedtech/lsquic/commit/515f453556c99d27c4dddb5424898dc1a5537708"
},
{
"type": "WEB",
"url": "https://github.com/litespeedtech/lsquic/releases/tag/v4.0.4"
},
{
"type": "WEB",
"url": "https://www.rfc-editor.org/rfc/rfc9001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.
CAPEC-145: Checksum Spoofing
An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-75: Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.