Common Weakness Enumeration

CWE-354

Allowed

Improper Validation of Integrity Check Value

Abstraction: Base · Status: Draft

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

231 vulnerabilities reference this CWE, most recent first.

GHSA-22G2-GPW7-9PQH

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-28656"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-16T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.",
  "id": "GHSA-22g2-gpw7-9pqh",
  "modified": "2022-05-24T17:34:19Z",
  "published": "2022-05-24T17:34:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28656"
    },
    {
      "type": "WEB",
      "url": "https://www.contextis.com/en/blog/a-code-signing-bypass-for-the-vw-polo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2326-HX7G-3M9R

Vulnerability from github – Published: 2024-08-12 18:30 – Updated: 2025-03-27 23:38
VLAI
Summary
Apache MINA SSHD: integrity check bypass
Details

Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack

The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.sshd:sshd-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-41909"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-12T19:52:15Z",
    "nvd_published_at": "2024-08-12T16:15:15Z",
    "severity": "HIGH"
  },
  "details": "Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which \nsome security features have been downgraded or disabled, aka a Terrapin \nattack\n\nThe mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.",
  "id": "GHSA-2326-hx7g-3m9r",
  "modified": "2025-03-27T23:38:06Z",
  "published": "2024-08-12T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41909"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/issues/445"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/pull/449"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/commit/315739e4e9d1dc7a4ff32ea64936982ed0b73e76"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/commit/6b0fd46f64bcb75eeeee31d65f10242660aad7c1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/commit/7b2c781640a7a78a9455b86593a1f63c9e8cab92"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/mina-sshd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20241011-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache MINA SSHD: integrity check bypass"
}

GHSA-276F-6JM7-647M

Vulnerability from github – Published: 2024-05-02 15:30 – Updated: 2026-02-17 18:32
VLAI
Details

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-02T13:23:06Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.",
  "id": "GHSA-276f-6jm7-647m",
  "modified": "2026-02-17T18:32:54Z",
  "published": "2024-05-02T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23461"
    },
    {
      "type": "WEB",
      "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos\u0026applicable_version=3.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-29GQ-WQ8X-VFCR

Vulnerability from github – Published: 2023-02-02 18:30 – Updated: 2025-03-26 21:30
VLAI
Details

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-02T17:17:00Z",
    "severity": "MODERATE"
  },
  "details": "The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.",
  "id": "GHSA-29gq-wq8x-vfcr",
  "modified": "2025-03-26T21:30:34Z",
  "published": "2023-02-02T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23120"
    },
    {
      "type": "WEB",
      "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HJl1oFzci"
    },
    {
      "type": "WEB",
      "url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/HJl1oFzci"
    },
    {
      "type": "WEB",
      "url": "https://www.trendnet.com/support"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2GG4-V645-J922

Vulnerability from github – Published: 2024-05-02 15:30 – Updated: 2026-02-19 21:30
VLAI
Details

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-41970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-02T13:23:06Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.",
  "id": "GHSA-2gg4-v645-j922",
  "modified": "2026-02-19T21:30:41Z",
  "published": "2024-05-02T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41970"
    },
    {
      "type": "WEB",
      "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows\u0026applicable_version=4.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2MHV-M6H4-3H94

Vulnerability from github – Published: 2023-07-11 18:31 – Updated: 2024-04-04 06:00
VLAI
Details

Improper privilege management in Zoom Rooms before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-11T18:15:20Z",
    "severity": "HIGH"
  },
  "details": " Improper privilege management in Zoom Rooms before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n",
  "id": "GHSA-2mhv-m6h4-3h94",
  "modified": "2024-04-04T06:00:12Z",
  "published": "2023-07-11T18:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36537"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2XRG-FW6R-W46H

Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2022-08-20 00:00
VLAI
Details

An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-18T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user.",
  "id": "GHSA-2xrg-fw6r-w46h",
  "modified": "2022-08-20T00:00:40Z",
  "published": "2022-08-19T00:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29549"
    },
    {
      "type": "WEB",
      "url": "https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux"
    },
    {
      "type": "WEB",
      "url": "https://blog.qualys.com/vulnerabilities-threat-research"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2022/Sep/10"
    },
    {
      "type": "WEB",
      "url": "http://software.firstworks.com/p/getting-started-with-firebird.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-333W-GRM8-FGCG

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-23T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.",
  "id": "GHSA-333w-grm8-fgcg",
  "modified": "2022-05-24T19:15:31Z",
  "published": "2022-05-24T19:15:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22276"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-346H-749J-R28W

Vulnerability from github – Published: 2024-04-25 18:31 – Updated: 2024-04-25 18:31
VLAI
Summary
PHPECC vulnerable to multiple cryptographic side-channel attacks
Details

ECDSA Canonicalization

PHPECC is vulnerable to malleable ECDSA signature attacks.

Constant-Time Signer

When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library (GMP), which does not aim to provide constant-time implementations of algorithms.

An attacker capable of triggering many signatures and studying the time it takes to perform each operation would be able to leak the secret number, k, and thereby learn the private key.

EcDH Timing Leaks

When calculating a shared secret using the EcDH class, the scalar-point multiplication is based on the arithmetic defined by the Point class.

Even though the library implements a Montgomery ladder, the add(), mul(), and getDouble() methods on the Point class are not constant-time. This means that your ECDH private keys are leaking information about each bit of your private key through a timing side-channel.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "mdanter/ecc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-354"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T18:31:58Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### ECDSA Canonicalization\n\nPHPECC is vulnerable to malleable ECDSA signature attacks. \n\n### Constant-Time Signer\n\nWhen generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library (GMP), which does not aim to provide constant-time implementations of algorithms.\n\nAn attacker capable of triggering many signatures and studying the time it takes to perform each operation would be able to leak the secret number, `k`, and thereby learn the private key.\n\n### EcDH Timing Leaks\n\nWhen calculating a shared secret using the `EcDH` class, the scalar-point multiplication is based on the arithmetic defined by the `Point` class.\n\nEven though the library implements a Montgomery ladder, the `add()`, `mul()`, and `getDouble()` methods on the `Point` class are not constant-time. This means that your ECDH private keys are leaking information about each bit of your private key through a timing side-channel.",
  "id": "GHSA-346h-749j-r28w",
  "modified": "2024-04-25T18:31:58Z",
  "published": "2024-04-25T18:31:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mdanter/ecc/2024-04-24.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/paragonie/phpecc/releases/tag/v2.0.0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/phpecc/phpecc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PHPECC vulnerable to multiple cryptographic side-channel attacks"
}

GHSA-346Q-RM44-2J2V

Vulnerability from github – Published: 2023-09-13 18:31 – Updated: 2024-01-25 18:30
VLAI
Details

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354",
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-13T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\n This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.",
  "id": "GHSA-346q-rm44-2j2v",
  "modified": "2024-01-25T18:30:44Z",
  "published": "2023-09-13T18:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20233"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.

CAPEC-145: Checksum Spoofing

An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.