Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1128 vulnerabilities reference this CWE, most recent first.

GHSA-48JG-H3CV-MQVX

Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11
VLAI
Details

In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-20T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side\u0027s signature on the client side, if that signature is not included in the server\u0027s ServerKeyExchange.",
  "id": "GHSA-48jg-h3cv-mqvx",
  "modified": "2022-05-24T19:11:49Z",
  "published": "2022-05-24T19:11:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34433"
    },
    {
      "type": "WEB",
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=575281"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-48RW-J489-928M

Vulnerability from github – Published: 2020-06-05 16:13 – Updated: 2021-06-15 17:44
VLAI
Summary
Signature wrapping vulnerability in Spring Security
Details

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.2.0"
            },
            {
              "fixed": "5.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.security:spring-security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.3.0"
            },
            {
              "fixed": "5.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-04T19:19:34Z",
    "nvd_published_at": "2020-05-13T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.",
  "id": "GHSA-48rw-j489-928m",
  "modified": "2021-06-15T17:44:45Z",
  "published": "2020-06-05T16:13:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5407"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r73af928cf64bebf78b7fa4bc56a5253273ec7829f5f5827f64c72fc7@%3Cissues.servicemix.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ra19a4e7236877fe12bfb52db07b27ad72d9e7a9f5e27bba7e928e18a@%3Cdev.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd99601fbca514f214f88f9e53fd5be3cfbff05b350c994b4ec2e184c@%3Cdev.geode.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://tanzu.vmware.com/security/cve-2020-5407"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Signature wrapping vulnerability in Spring Security"
}

GHSA-49Q7-C7J4-3P7M

Vulnerability from github – Published: 2024-08-02 09:31 – Updated: 2025-11-04 16:52
VLAI
Summary
Elliptic allows BER-encoded signatures
Details

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.5.6"
      },
      "package": {
        "ecosystem": "npm",
        "name": "elliptic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.2.1"
            },
            {
              "fixed": "6.5.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-42461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-05T13:51:26Z",
    "nvd_published_at": "2024-08-02T07:16:10Z",
    "severity": "LOW"
  },
  "details": "In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.",
  "id": "GHSA-49q7-c7j4-3p7m",
  "modified": "2025-11-04T16:52:52Z",
  "published": "2024-08-02T09:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42461"
    },
    {
      "type": "WEB",
      "url": "https://github.com/indutny/elliptic/pull/317"
    },
    {
      "type": "WEB",
      "url": "https://github.com/indutny/elliptic/commit/accb61e9c1a005e5c8ff96a8b33893100bb42d11"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/indutny/elliptic"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20241004-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Elliptic allows BER-encoded signatures"
}

GHSA-4C73-WX52-99CM

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1375"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-24T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-4c73-wx52-99cm",
  "modified": "2022-05-24T17:45:12Z",
  "published": "2022-05-24T17:45:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1375"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fast-Zqr6DD5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4CH4-JP34-QWGW

Vulnerability from github – Published: 2024-12-19 00:37 – Updated: 2024-12-19 00:37
VLAI
Details

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41145"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-18T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams\u0027s access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application\u0027s permissions.",
  "id": "GHSA-4ch4-jp34-qwgw",
  "modified": "2024-12-19T00:37:35Z",
  "published": "2024-12-19T00:37:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41145"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1990"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1990"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4FGQ-GQ9G-3RW7

Vulnerability from github – Published: 2019-09-23 18:32 – Updated: 2021-04-01 20:57
VLAI
Summary
Improper Verification of Cryptographic Signature in keycloak
Details

It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.0.1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-09-19T15:26:01Z",
    "nvd_published_at": "2019-08-14T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "It was found that Keycloak\u0027s SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the \u003cSignature\u003e sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.",
  "id": "GHSA-4fgq-gq9g-3rw7",
  "modified": "2021-04-01T20:57:58Z",
  "published": "2019-09-23T18:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10201"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10201"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Verification of Cryptographic Signature in keycloak"
}

GHSA-4FJV-PMHG-3RFG

Vulnerability from github – Published: 2020-12-04 16:47 – Updated: 2024-10-07 21:07
VLAI
Summary
Multiple cryptographic issues in Python oic
Details

Impact

  • Client implementations using this library

Issues

1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA none algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future)

Patches

1) IdToken signature is now always checked. 2) JWA none algorithm is now allowed only if using the response_type code 3) IdToken verification is now done automatically. 4) iat claim is now checked for sanity.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "oic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26244"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-02T20:06:06Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\n* Client implementations using this library\n\n### Issues\n1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg.\n2) JWA `none` algorithm was allowed in all flows.\n3) `oic.consumer.Consumer.parse_authz` returns an unverified IdToken. The verification of the token was left to the discretion of the implementator.\n4) `iat` claim was not checked for sanity (i.e. it could be in the future)\n\n### Patches\n1) IdToken signature is now always checked.\n2) JWA `none` algorithm is now allowed only if using the `response_type` `code`\n3) IdToken verification is now done automatically.\n4) `iat` claim is now checked for sanity.",
  "id": "GHSA-4fjv-pmhg-3rfg",
  "modified": "2024-10-07T21:07:21Z",
  "published": "2020-12-04T16:47:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenIDC/pyoidc/security/advisories/GHSA-4fjv-pmhg-3rfg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26244"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenIDC/pyoidc/commit/62f8d753fa17c8b1f29f8be639cf0b33afb02498"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenIDC/pyoidc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenIDC/pyoidc/releases/tag/1.2.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/oic/PYSEC-2020-69.yaml"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/oic"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Multiple cryptographic issues in Python oic"
}

GHSA-4G52-PQCJ-PHVH

Vulnerability from github – Published: 2021-05-21 16:23 – Updated: 2021-05-20 20:51
VLAI
Summary
BLS Signature "Malleability"
Details

Impact

  1. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays.
  2. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block.

The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique.

Patches

By switching from the go based blst bindings over to the bindings in filecoin-ffi, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393

References

  • Original POC: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/filecoin-project/lotus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21405"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-20T20:51:00Z",
    "nvd_published_at": "2021-04-15T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n1. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms - \"serialized\", and \"compressed\", meaning that BLS signatures can be provided as either of 2 unique byte arrays.\n2. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block.\n\nThe result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique.\n\n### Patches\n\nBy switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized.\nThis happened in https://github.com/filecoin-project/lotus/pull/5393\n\n\n### References\n\n- Original POC: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754",
  "id": "GHSA-4g52-pqcj-phvh",
  "modified": "2021-05-20T20:51:00Z",
  "published": "2021-05-21T16:23:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21405"
    },
    {
      "type": "WEB",
      "url": "https://github.com/filecoin-project/lotus/pull/5393"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "BLS Signature \"Malleability\""
}

GHSA-4G63-C64M-25W9

Vulnerability from github – Published: 2022-07-21 22:33 – Updated: 2022-07-21 22:33
VLAI
Summary
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
Details

Impact

SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected.

The contracts that may be affected are those that use SignatureChecker to check the validity of a signature and handle invalid signatures in a way other than reverting. We believe this to be unlikely.

Patches

The issue was patched in 4.7.1.

References

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552

For more information

If you have any questions or comments about this advisory, or need assistance deploying the fix, email us at security@openzeppelin.com.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@openzeppelin/contracts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@openzeppelin/contracts-upgradeable"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31172"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-21T22:33:37Z",
    "nvd_published_at": "2022-07-22T04:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\n`SignatureChecker.isValidSignatureNow` is not expected to revert. However, an incorrect assumption about Solidity 0.8\u0027s `abi.decode` allows some cases to revert, given a target contract that doesn\u0027t implement EIP-1271 as expected.\n\nThe contracts that may be affected are those that use `SignatureChecker` to check the validity of a signature and handle invalid signatures in a way other than reverting. We believe this to be unlikely.\n\n### Patches\n\nThe issue was patched in 4.7.1.\n\n### References\n\nhttps://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552\n\n### For more information\n\nIf you have any questions or comments about this advisory, or need assistance deploying the fix, email us at [security@openzeppelin.com](mailto:security@openzeppelin.com).",
  "id": "GHSA-4g63-c64m-25w9",
  "modified": "2022-07-21T22:33:37Z",
  "published": "2022-07-21T22:33:37Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4g63-c64m-25w9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31172"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3552"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenZeppelin Contracts\u0027s SignatureChecker may revert on invalid EIP-1271 signers"
}

GHSA-4H6J-V5PX-XWG7

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-11-15 21:35
VLAI
Details

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31847"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-347",
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-22T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.",
  "id": "GHSA-4h6j-v5px-xwg7",
  "modified": "2023-11-15T21:35:02Z",
  "published": "2022-05-24T19:15:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31847"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10369"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1104"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.