Search criteria
17 vulnerabilities found for openpgpjs by openpgpjs
CVE-2025-47934 (GCVE-0-2025-47934)
Vulnerability from cvelistv5 – Published: 2025-05-19 18:57 – Updated: 2025-05-20 13:02
VLAI?
Title
OpenPGP.js's message signature verification can be spoofed
Summary
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker's choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`.
Severity ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:02:53.093390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:02:58.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openpgpjs",
"vendor": "openpgpjs",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.1, \u003c 5.11.3"
},
{
"status": "affected",
"version": "\u003e= 6.0.0-alpha.0, \u003c 6.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker\u0027s choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker\u0027s choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T18:57:05.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1"
}
],
"source": {
"advisory": "GHSA-8qff-qr5q-5pr8",
"discovery": "UNKNOWN"
},
"title": "OpenPGP.js\u0027s message signature verification can be spoofed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47934",
"datePublished": "2025-05-19T18:57:05.602Z",
"dateReserved": "2025-05-14T10:32:43.529Z",
"dateUpdated": "2025-05-20T13:02:58.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41037 (GCVE-0-2023-41037)
Vulnerability from cvelistv5 – Published: 2023-08-29 16:46 – Updated: 2024-09-30 17:43
VLAI?
Title
Cleartext Signed Message Signature Spoofing in openpgpjs
Summary
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a "sanitised" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message.
Severity ?
4.3 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:34:19.116832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:43:47.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openpgpjs",
"vendor": "openpgpjs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.10.11"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a \"Hash: ...\" header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the \"Hash: ...\" texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a \"sanitised\" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T16:46:47.708Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566"
}
],
"source": {
"advisory": "GHSA-ch3c-v47x-4pgp",
"discovery": "UNKNOWN"
},
"title": "Cleartext Signed Message Signature Spoofing in openpgpjs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41037",
"datePublished": "2023-08-29T16:46:47.708Z",
"dateReserved": "2023-08-22T16:57:23.931Z",
"dateUpdated": "2024-09-30T17:43:47.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9155 (GCVE-0-2019-9155)
Vulnerability from cvelistv5 – Published: 2019-08-22 15:48 – Updated: 2024-08-04 21:38
VLAI?
Summary
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cryptographic issue in OpenPGP.js \u003c=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim\u0027s ECDH private key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T21:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cryptographic issue in OpenPGP.js \u003c=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim\u0027s ECDH private key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"name": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1",
"refsource": "MISC",
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/853",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/853"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e"
},
{
"name": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9155",
"datePublished": "2019-08-22T15:48:57",
"dateReserved": "2019-02-25T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9154 (GCVE-0-2019-9154)
Vulnerability from cvelistv5 – Published: 2019-08-22 15:39 – Updated: 2024-08-04 21:38
VLAI?
Summary
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to pass off unsigned data as signed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T21:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to pass off unsigned data as signed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"name": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1",
"refsource": "MISC",
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/797",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/797"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1"
},
{
"name": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9154",
"datePublished": "2019-08-22T15:39:28",
"dateReserved": "2019-02-25T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9153 (GCVE-0-2019-9153)
Vulnerability from cvelistv5 – Published: 2019-08-22 15:30 – Updated: 2024-08-04 21:38
VLAI?
Summary
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a \"standalone\" or \"timestamp\" signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T21:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a \"standalone\" or \"timestamp\" signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"name": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1",
"refsource": "MISC",
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/816",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/816"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc"
},
{
"name": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9153",
"datePublished": "2019-08-22T15:30:33",
"dateReserved": "2019-02-25T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8013 (GCVE-0-2015-8013)
Vulnerability from cvelistv5 – Published: 2017-07-25 18:00 – Updated: 2024-08-06 08:06
VLAI?
Summary
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151030 Re: CVE Request: Openpgp.js Critical vulnerability in S2K",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/30/5"
},
{
"name": "77088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-25T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20151030 Re: CVE Request: Openpgp.js Critical vulnerability in S2K",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/30/5"
},
{
"name": "77088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151030 Re: CVE Request: Openpgp.js Critical vulnerability in S2K",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/30/5"
},
{
"name": "77088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77088"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8013",
"datePublished": "2017-07-25T18:00:00",
"dateReserved": "2015-10-28T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47934 (GCVE-0-2025-47934)
Vulnerability from nvd – Published: 2025-05-19 18:57 – Updated: 2025-05-20 13:02
VLAI?
Title
OpenPGP.js's message signature verification can be spoofed
Summary
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker's choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`.
Severity ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:02:53.093390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:02:58.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openpgpjs",
"vendor": "openpgpjs",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.1, \u003c 5.11.3"
},
{
"status": "affected",
"version": "\u003e= 6.0.0-alpha.0, \u003c 6.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker\u0027s choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker\u0027s choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T18:57:05.602Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1"
}
],
"source": {
"advisory": "GHSA-8qff-qr5q-5pr8",
"discovery": "UNKNOWN"
},
"title": "OpenPGP.js\u0027s message signature verification can be spoofed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47934",
"datePublished": "2025-05-19T18:57:05.602Z",
"dateReserved": "2025-05-14T10:32:43.529Z",
"dateUpdated": "2025-05-20T13:02:58.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41037 (GCVE-0-2023-41037)
Vulnerability from nvd – Published: 2023-08-29 16:46 – Updated: 2024-09-30 17:43
VLAI?
Title
Cleartext Signed Message Signature Spoofing in openpgpjs
Summary
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a "sanitised" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message.
Severity ?
4.3 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41037",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:34:19.116832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:43:47.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openpgpjs",
"vendor": "openpgpjs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.10.11"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a \"Hash: ...\" header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the \"Hash: ...\" texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a \"sanitised\" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-29T16:46:47.708Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566"
}
],
"source": {
"advisory": "GHSA-ch3c-v47x-4pgp",
"discovery": "UNKNOWN"
},
"title": "Cleartext Signed Message Signature Spoofing in openpgpjs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41037",
"datePublished": "2023-08-29T16:46:47.708Z",
"dateReserved": "2023-08-22T16:57:23.931Z",
"dateUpdated": "2024-09-30T17:43:47.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9155 (GCVE-0-2019-9155)
Vulnerability from nvd – Published: 2019-08-22 15:48 – Updated: 2024-08-04 21:38
VLAI?
Summary
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cryptographic issue in OpenPGP.js \u003c=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim\u0027s ECDH private key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T21:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cryptographic issue in OpenPGP.js \u003c=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim\u0027s ECDH private key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"name": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1",
"refsource": "MISC",
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/853",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/853"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e"
},
{
"name": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9155",
"datePublished": "2019-08-22T15:48:57",
"dateReserved": "2019-02-25T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9154 (GCVE-0-2019-9154)
Vulnerability from nvd – Published: 2019-08-22 15:39 – Updated: 2024-08-04 21:38
VLAI?
Summary
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to pass off unsigned data as signed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T21:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to pass off unsigned data as signed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"name": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1",
"refsource": "MISC",
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/797",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/797"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1"
},
{
"name": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9154",
"datePublished": "2019-08-22T15:39:28",
"dateReserved": "2019-02-25T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9153 (GCVE-0-2019-9153)
Vulnerability from nvd – Published: 2019-08-22 15:30 – Updated: 2024-08-04 21:38
VLAI?
Summary
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a \"standalone\" or \"timestamp\" signature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T21:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a \"standalone\" or \"timestamp\" signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"name": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1",
"refsource": "MISC",
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/816",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/816"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc"
},
{
"name": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9153",
"datePublished": "2019-08-22T15:30:33",
"dateReserved": "2019-02-25T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8013 (GCVE-0-2015-8013)
Vulnerability from nvd – Published: 2017-07-25 18:00 – Updated: 2024-08-06 08:06
VLAI?
Summary
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151030 Re: CVE Request: Openpgp.js Critical vulnerability in S2K",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/30/5"
},
{
"name": "77088",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-25T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20151030 Re: CVE Request: Openpgp.js Critical vulnerability in S2K",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/30/5"
},
{
"name": "77088",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151030 Re: CVE Request: Openpgp.js Critical vulnerability in S2K",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/30/5"
},
{
"name": "77088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77088"
},
{
"name": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29",
"refsource": "CONFIRM",
"url": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8013",
"datePublished": "2017-07-25T18:00:00",
"dateReserved": "2015-10-28T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2023-41037
Vulnerability from fkie_nvd - Published: 2023-08-29 17:15 - Updated: 2024-11-21 08:20
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a "sanitised" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openpgpjs:openpgpjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE3685F7-C06B-487D-8D10-E192DC1D1589",
"versionEndExcluding": "4.10.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openpgpjs:openpgpjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF849E0F-852A-48C8-8F9B-15DFE8DD0EBB",
"versionEndExcluding": "5.10.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a \"Hash: ...\" header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the \"Hash: ...\" texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a \"sanitised\" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message."
}
],
"id": "CVE-2023-41037",
"lastModified": "2024-11-21T08:20:25.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-29T17:15:13.003",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/6b43e02a254853f5ff508ebd1b07541f78b7c566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-ch3c-v47x-4pgp"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2019-9153
Vulnerability from fkie_nvd - Published: 2019-08-22 16:15 - Updated: 2024-11-21 04:51
Severity ?
Summary
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openpgpjs:openpgpjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFF9737-8449-4827-A59B-2602B66D07C1",
"versionEndIncluding": "4.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a \"standalone\" or \"timestamp\" signature."
},
{
"lang": "es",
"value": "Una Comprobaci\u00f3n Inapropiada de una firma criptogr\u00e1fica en OpenPGP.js versiones anteriores a 4.1.2 incluy\u00e9ndola, permite a un atacante falsificar mensajes firmados reemplazando sus firmas con una firma \"standalone\" o \"timestamp\"."
}
],
"id": "CVE-2019-9153",
"lastModified": "2024-11-21T04:51:05.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-22T16:15:10.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/816"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-9154
Vulnerability from fkie_nvd - Published: 2019-08-22 16:15 - Updated: 2024-11-21 04:51
Severity ?
Summary
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openpgpjs:openpgpjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFF9737-8449-4827-A59B-2602B66D07C1",
"versionEndIncluding": "4.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Verification of a Cryptographic Signature in OpenPGP.js \u003c=4.1.2 allows an attacker to pass off unsigned data as signed."
},
{
"lang": "es",
"value": "Una Comprobaci\u00f3n Inapropiada de una firma criptogr\u00e1fica en OpenPGP.js versiones anteriores a 4.1.2 incluy\u00e9ndola, permite a un atacante pasar datos sin firmar como firmados."
}
],
"id": "CVE-2019-9154",
"lastModified": "2024-11-21T04:51:05.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-22T16:15:10.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-9155
Vulnerability from fkie_nvd - Published: 2019-08-22 16:15 - Updated: 2024-11-21 04:51
Severity ?
Summary
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openpgpjs:openpgpjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2449B407-960F-4A15-857F-CC7D1609D733",
"versionEndIncluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cryptographic issue in OpenPGP.js \u003c=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim\u0027s ECDH private key."
},
{
"lang": "es",
"value": "Un problema criptogr\u00e1fico en OpenPGP.js versiones anteriores a 4.2.0 incluy\u00e9ndola, permite a un atacante que es capaz de proporcionar mensajes falsos y obtener retroalimentaci\u00f3n sobre si el descifrado de estos mensajes logr\u00f3 conducir un ataque de curva no v\u00e1lida para conseguir la clave privada ECDH de la v\u00edctima."
}
],
"id": "CVE-2019-9155",
"lastModified": "2024-11-21T04:51:05.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-22T16:15:10.540",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.3.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-8013
Vulnerability from fkie_nvd - Published: 2017-07-25 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2015/10/30/5 | Mailing List | |
| cve@mitre.org | http://www.securityfocus.com/bid/77088 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2015/10/30/5 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77088 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openpgpjs:openpgpjs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCC1CCC-1F7B-4C3D-8F75-029BCB2E335A",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message."
},
{
"lang": "es",
"value": "El archivo s2k.js en biblioteca OpenPGP.js descifrar\u00e1 mensajes arbitrarios independientemente de la contrase\u00f1a para claves PGP creadas, lo que permite a los atacantes remotos omitir la autenticaci\u00f3n si el descifrado de mensajes es usado como un mecanismo de autenticaci\u00f3n por medio de un mensaje PGP cifrado sim\u00e9tricamente."
}
],
"id": "CVE-2015-8013",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-25T18:29:00.993",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/30/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77088"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}