Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1125 vulnerabilities reference this CWE, most recent first.

GHSA-R28H-X6HV-2FQ3

Vulnerability from github – Published: 2021-11-10 20:48 – Updated: 2025-01-20 16:11
VLAI
Summary
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Details

The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.starkbank.ellipticcurve:starkbank-ecdsa"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-43570"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-10T18:25:02Z",
    "nvd_published_at": "2021-11-09T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.",
  "id": "GHSA-r28h-x6hv-2fq3",
  "modified": "2025-01-20T16:11:28Z",
  "published": "2021-11-10T20:48:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43570"
    },
    {
      "type": "WEB",
      "url": "https://github.com/starkbank/ecdsa-java/pull/16"
    },
    {
      "type": "WEB",
      "url": "https://github.com/starkbank/ecdsa-java/commit/ed22e484186d6c66d3686bfe39d01bdbabf219b6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/starkbank/ecdsa-java"
    },
    {
      "type": "WEB",
      "url": "https://github.com/starkbank/ecdsa-java/releases/tag/v1.0.1"
    },
    {
      "type": "WEB",
      "url": "https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Verification of Cryptographic Signature in starkbank-ecdsa"
}

GHSA-R2F7-JGHR-R7X9

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17
VLAI
Details

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41831"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-11T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.",
  "id": "GHSA-r2f7-jghr-r7x9",
  "modified": "2022-05-24T19:17:14Z",
  "published": "2022-05-24T19:17:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41831"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757@%3Cannounce.apache.org%3E"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-R2G9-49RQ-6P4C

Vulnerability from github – Published: 2022-05-01 02:05 – Updated: 2024-02-08 21:30
VLAI
Details

Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-2181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-07-11T04:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the \"Messages waiting\" message.",
  "id": "GHSA-r2g9-49rq-6p4c",
  "modified": "2024-02-08T21:30:31Z",
  "published": "2022-05-01T02:05:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2181"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21260"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=112067698624686\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://pentest.tele-consulting.com/advisories/05_07_06_voip-phones.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/alerts/2005/Jul/1014406.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R382-73HV-R5J2

Vulnerability from github – Published: 2024-04-08 09:31 – Updated: 2024-08-01 15:31
VLAI
Details

Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52538"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-08T09:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "Vulnerability of package name verification being bypassed in the HwIms module.\nImpact: Successful exploitation of this vulnerability will affect availability.",
  "id": "GHSA-r382-73hv-r5j2",
  "modified": "2024-08-01T15:31:37Z",
  "published": "2024-04-08T09:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52538"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2024/3"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202403-0000001667644725"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R38M-44FW-H886

Vulnerability from github – Published: 2025-03-03 20:22 – Updated: 2025-03-03 20:22
VLAI
Summary
AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Details

Summary

In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect.

Details

This is because in decrypt_inplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The root cause of this vulnerability is similar to https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq

PoC

use ascon_aead::Tag;
use ascon_aead::{Ascon128, Key, Nonce};
use ascon_aead::aead::{AeadInPlace, KeyInit};

fn main() {

    let key = Key::<Ascon128>::from_slice(b"very secret key.");
    let cipher = Ascon128::new(key);

    let nonce = Nonce::<Ascon128>::from_slice(b"unique nonce 012"); // 128-bits; unique per message

    let mut buffer: Vec<u8> = Vec::new(); // Buffer needs 16-bytes overhead for authentication tag
    buffer.extend_from_slice(b"plaintext message");

    // Encrypt `buffer` in-place detached, replacing the plaintext contents with ciphertext
    cipher.encrypt_in_place_detached(nonce, b"", &mut buffer).expect("encryption failure!");

    // Decrypt `buffer` in-place with the wrong tag, ignoring the decryption error
    let _ = cipher.decrypt_in_place_detached(nonce, b"", &mut buffer, Tag::<Ascon128>::from_slice(b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"));

    assert_eq!(&buffer, b"plaintext message");
}

Impact

If a program continues to use the result of decrypt_in_place_detached after a decryption failure, the result will be unauthenticated. This may permit some forms of chosen ciphertext attacks (CCAs).

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.4.2"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "ascon_aead"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-03T20:22:19Z",
    "nvd_published_at": "2025-03-03T17:15:16Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nIn `decrypt_in_place_detached`, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect.\n\n### Details\nThis is because in [decrypt_inplace](https://github.com/RustCrypto/AEADs/blob/8cda109f1128c4c7953a0bb0f53e1056d537e462/ascon-aead/src/asconcore.rs#L350-L364) in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in `buffer`. The root cause of this vulnerability is similar to https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq\n\n### PoC\n```rust\nuse ascon_aead::Tag;\nuse ascon_aead::{Ascon128, Key, Nonce};\nuse ascon_aead::aead::{AeadInPlace, KeyInit};\n\nfn main() {\n\n    let key = Key::\u003cAscon128\u003e::from_slice(b\"very secret key.\");\n    let cipher = Ascon128::new(key);\n\n    let nonce = Nonce::\u003cAscon128\u003e::from_slice(b\"unique nonce 012\"); // 128-bits; unique per message\n\n    let mut buffer: Vec\u003cu8\u003e = Vec::new(); // Buffer needs 16-bytes overhead for authentication tag\n    buffer.extend_from_slice(b\"plaintext message\");\n\n    // Encrypt `buffer` in-place detached, replacing the plaintext contents with ciphertext\n    cipher.encrypt_in_place_detached(nonce, b\"\", \u0026mut buffer).expect(\"encryption failure!\");\n    \n    // Decrypt `buffer` in-place with the wrong tag, ignoring the decryption error\n    let _ = cipher.decrypt_in_place_detached(nonce, b\"\", \u0026mut buffer, Tag::\u003cAscon128\u003e::from_slice(b\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"));\n\n    assert_eq!(\u0026buffer, b\"plaintext message\");\n}\n```\n### Impact\nIf a program continues to use the result of `decrypt_in_place_detached` after a decryption failure, the result will be unauthenticated. This may permit some forms of chosen ciphertext attacks (CCAs).",
  "id": "GHSA-r38m-44fw-h886",
  "modified": "2025-03-03T20:22:19Z",
  "published": "2025-03-03T20:22:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-r38m-44fw-h886"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27498"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RustCrypto/AEADs/commit/d1d749ba57e38e65b0e037cd744d0b17f7254037"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/RustCrypto/AEADs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "AEADs/ascon-aead: Plaintext exposed in decrypt_in_place_detached even on tag verification failure"
}

GHSA-R498-R54R-PXQH

Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31
VLAI
Details

Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-13T18:16:24Z",
    "severity": "HIGH"
  },
  "details": "Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-r498-r54r-pxqh",
  "modified": "2026-01-13T18:31:11Z",
  "published": "2026-01-13T18:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20965"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20965"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R5VF-WF4H-82GG

Vulnerability from github – Published: 2025-01-07 15:25 – Updated: 2025-01-22 17:37
VLAI
Summary
matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
Details

Impact

Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes.

Patches

matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed.

References

  • Patch: https://github.com/matrix-org/matrix-rust-sdk/pull/3795
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "matrix-sdk-crypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52813"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-223",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-07T15:25:52Z",
    "nvd_published_at": "2025-01-07T16:15:35Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nVersions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user\u0027s cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes.\n\n### Patches\n\nmatrix-sdk-crypto 0.8.0 adds a new `VerificationLevel::VerificationViolation` enum variant which indicates that a previously verified identity has been changed.\n\n### References\n\n- Patch: https://github.com/matrix-org/matrix-rust-sdk/pull/3795\n",
  "id": "GHSA-r5vf-wf4h-82gg",
  "modified": "2025-01-22T17:37:49Z",
  "published": "2025-01-07T15:25:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-r5vf-wf4h-82gg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52813"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/matrix-rust-sdk/pull/3795"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/matrix-org/matrix-rust-sdk"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0434.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity"
}

GHSA-R5W3-XM58-JV6J

Vulnerability from github – Published: 2023-01-10 21:09 – Updated: 2023-01-10 22:01
VLAI
Summary
Cargo did not verify SSH host keys
Details

The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks.

This vulnerability has been assigned CVE-2022-46176.

Overview

When an SSH client establishes communication with a server, to prevent MITM attacks the client should check whether it already communicated with that server in the past and what the server's public key was back then. If the key changed since the last connection, the connection must be aborted as a MITM attack is likely taking place.

It was discovered that Cargo never implemented such checks, and performed no validation on the server's public key, leaving Cargo users vulnerable to MITM attacks.

Affected Versions

All Rust versions containing Cargo before 1.66.1 are vulnerable (prior to 0.67.1 for the crates.io package).

Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's url.<base>.insteadOf setting), as that'd cause you to clone the crates.io index through SSH.

Mitigations

We will be releasing Rust 1.66.1 today, 2023-01-10, changing Cargo to check the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible.

Patch files for Rust 1.66.0 are also available here for custom-built toolchains.

For the time being Cargo will not ask the user whether to trust a server's public key during the first connection. Instead, Cargo will show an error message detailing how to add that public key to the list of trusted keys. Note that this might break your automated builds if the hosts you clone dependencies or indexes from are not already trusted.

If you can't upgrade to Rust 1.66.1 yet, we recommend configuring Cargo to use the git CLI instead of its built-in git support. That way, all git network operations will be performed by the git CLI, which is not affected by this vulnerability. You can do so by adding this snippet to your Cargo configuration file:

[net]
git-fetch-with-cli = true

Acknowledgments

Thanks to the Julia Security Team for disclosing this to us according to our security policy!

We also want to thank the members of the Rust project who contributed to fixing this issue. Thanks to Eric Huss and Weihang Lo for writing and reviewing the patch, Pietro Albini for coordinating the disclosure and writing this advisory, and Josh Stone, Josh Triplett and Jacob Finkelman for advising during the disclosure.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.67.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "cargo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.67.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-46176"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-10T21:09:31Z",
    "nvd_published_at": "2023-01-11T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks.\n\nThis vulnerability has been assigned CVE-2022-46176.\n\n## Overview\n\nWhen an SSH client establishes communication with a server, to prevent MITM attacks the client should check whether it already communicated with that server in the past and what the server\u0027s public key was back then. If the key changed since the last connection, the connection must be aborted as a MITM attack is likely taking place.\n\nIt was discovered that Cargo never implemented such checks, and performed no validation on the server\u0027s public key, leaving Cargo users vulnerable to MITM attacks.\n\n## Affected Versions\n\nAll Rust versions containing Cargo before 1.66.1 are vulnerable (prior to 0.67.1 for the crates.io package).\n\nNote that even if you don\u0027t explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git\u0027s [`url.\u003cbase\u003e.insteadOf`][1] setting), as that\u0027d cause you to clone the crates.io index through SSH.\n\n## Mitigations\n\nWe will be releasing Rust 1.66.1 today, 2023-01-10, changing Cargo to check the SSH host key and abort the connection if the server\u0027s public key is not already trusted. We recommend everyone to upgrade as soon as possible.\n\nPatch files for Rust 1.66.0 are also available [here][2] for custom-built toolchains.\n\nFor the time being Cargo will not ask the user whether to trust a server\u0027s public key during the first connection. Instead, Cargo will show an error message detailing how to add that public key to the list of trusted keys. Note that this might break your automated builds if the hosts you clone dependencies or indexes from are not already trusted.\n\nIf you can\u0027t upgrade to Rust 1.66.1 yet, we recommend configuring Cargo to use the `git` CLI instead of its built-in git support. That way, all git network operations will be performed by the `git` CLI, which is not affected by this vulnerability. You can do so by adding this snippet to your [Cargo configuration file](https://doc.rust-lang.org/cargo/reference/config.html):\n\n```toml\n[net]\ngit-fetch-with-cli = true\n```\n\n## Acknowledgments\n\nThanks to the Julia Security Team for disclosing this to us according to our [security policy][3]!\n\nWe also want to thank the members of the Rust project who contributed to fixing this issue. Thanks to Eric Huss and Weihang Lo for writing and reviewing the patch, Pietro Albini for coordinating the disclosure and writing this advisory, and Josh Stone, Josh Triplett and Jacob Finkelman for advising during the disclosure.\n\n[1]: https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf\n[2]: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176\n[3]: https://www.rust-lang.org/policies/security",
  "id": "GHSA-r5w3-xm58-jv6j",
  "modified": "2023-01-10T22:01:00Z",
  "published": "2023-01-10T21:09:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-r5w3-xm58-jv6j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46176"
    },
    {
      "type": "WEB",
      "url": "https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rust-lang/cargo"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176"
    },
    {
      "type": "WEB",
      "url": "https://www.rust-lang.org/policies/security"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/11/05/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cargo did not verify SSH host keys"
}

GHSA-R683-V43C-6XQV

Vulnerability from github – Published: 2025-05-19 22:33 – Updated: 2025-05-19 22:33
VLAI
Summary
samlify SAML Signature Wrapping attack
Details

A Signature Wrapping attack has been found in samlify <v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "samlify"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-47949"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-19T22:33:00Z",
    "nvd_published_at": "2025-05-19T20:15:26Z",
    "severity": "CRITICAL"
  },
  "details": "A Signature Wrapping attack has been found in samlify \u003cv2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. \nAn attacker would need a signed XML document by the identity provider.",
  "id": "GHSA-r683-v43c-6xqv",
  "modified": "2025-05-19T22:33:00Z",
  "published": "2025-05-19T22:33:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tngan/samlify/security/advisories/GHSA-r683-v43c-6xqv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47949"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tngan/samlify/commit/115679acd89f0a37ea3ebd8fff7db54fca3e8af3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tngan/samlify"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "samlify SAML Signature Wrapping attack"
}

GHSA-R6GH-RC9C-PPVR

Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2024-04-04 01:38
VLAI
Details

Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific interface to execute malicious code. A successful exploit may result in the execution of arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-5299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-13T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific interface to execute malicious code. A successful exploit may result in the execution of arbitrary code.",
  "id": "GHSA-r6gh-rc9c-ppvr",
  "modified": "2024-04-04T01:38:14Z",
  "published": "2022-05-24T16:53:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5299"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-phone-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.