Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1128 vulnerabilities reference this CWE, most recent first.

GHSA-6G5X-X9XJ-HXM2

Vulnerability from github – Published: 2023-02-01 06:30 – Updated: 2023-02-08 18:30
VLAI
Details

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-01T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.",
  "id": "GHSA-6g5x-x9xj-hxm2",
  "modified": "2023-02-08T18:30:23Z",
  "published": "2023-02-01T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34459"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000204950/dsa-2022-298"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6GVQ-JCMP-8959

Vulnerability from github – Published: 2025-12-16 00:43 – Updated: 2025-12-20 02:32
VLAI
Summary
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Details

Impact

A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modified expiration value. This may allow previously solved challenges to be reused beyond their intended lifetime, depending on server-side replay handling and deployment assumptions.

The vulnerability primarily impacts abuse-prevention mechanisms such as rate limiting and bot mitigation. It does not directly affect data confidentiality or integrity.

Patches

This issue has been addressed by enforcing explicit semantic separation between challenge parameters and the nonce during HMAC computation.

Users are advised to upgrade to patched versions.

Workarounds

As a mitigation, implementations may append a delimiter to the end of the salt value prior to HMAC computation (for example, <salt>?expires=<time>&). This prevents ambiguity between parameters and the nonce and is backward-compatible with existing implementations, as the delimiter is treated as a standard URL parameter separator.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "altcha-lib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "altcha-org/altcha"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/altcha-org/altcha-lib-go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.altcha:altcha"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "altcha"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "altcha"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Hex",
        "name": "altcha"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-68113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-115",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-16T00:43:52Z",
    "nvd_published_at": "2025-12-16T01:15:53Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modified expiration value. This may allow previously solved challenges to be reused beyond their intended lifetime, depending on server-side replay handling and deployment assumptions.\n\nThe vulnerability primarily impacts abuse-prevention mechanisms such as rate limiting and bot mitigation. It does not directly affect data confidentiality or integrity. \n\n### Patches\n\nThis issue has been addressed by enforcing explicit semantic separation between challenge parameters and the nonce during HMAC computation.\n\nUsers are advised to upgrade to patched versions.\n\n### Workarounds\n\nAs a mitigation, implementations may append a delimiter to the end of the `salt` value prior to HMAC computation (for example, `\u003csalt\u003e?expires=\u003ctime\u003e\u0026`). This prevents ambiguity between parameters and the nonce and is backward-compatible with existing implementations, as the delimiter is treated as a standard URL parameter separator.",
  "id": "GHSA-6gvq-jcmp-8959",
  "modified": "2025-12-20T02:32:17Z",
  "published": "2025-12-16T00:43:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib/security/advisories/GHSA-6gvq-jcmp-8959"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68113"
    },
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib-ex/commit/09b2bad466ad0338a5b24245380950ea9918333e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib-go/commit/4a5610745ef79895a67bac858b2e4f291c2614b8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib-java/commit/69277651fdd6418ae10bf3a088901506f9c62114"
    },
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib-php/commit/9e9e70c864a9db960d071c77c778be0c9ff1a4d0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib-rb/commit/4fd7b64cbbfc713f3ca4e066c2dd466e3b8d359b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib/commit/cb95d83a8d08e273b6be15e48988e7eaf60d5c08"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/altcha-org/altcha-lib"
    },
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib-java/releases/tag/v1.3.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib-php/releases/tag/v1.3.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/altcha-org/altcha-lib/releases/tag/1.4.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/altcha/CVE-2025-68113.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay"
}

GHSA-6HP4-RQ8J-6V6J

Vulnerability from github – Published: 2026-03-09 09:30 – Updated: 2026-03-09 09:30
VLAI
Details

A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-09T09:16:01Z",
    "severity": "HIGH"
  },
  "details": "A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.",
  "id": "GHSA-6hp4-rq8j-6v6j",
  "modified": "2026-03-09T09:30:31Z",
  "published": "2026-03-09T09:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41767"
    },
    {
      "type": "WEB",
      "url": "https://www.mbs-solutions.de/mbs-2025-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6J86-V54W-73W8

Vulnerability from github – Published: 2023-06-13 18:30 – Updated: 2024-04-04 04:47
VLAI
Details

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T18:15:21Z",
    "severity": "HIGH"
  },
  "details": " Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.",
  "id": "GHSA-6j86-v54w-73w8",
  "modified": "2024-04-04T04:47:46Z",
  "published": "2023-06-13T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34120"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6JQJ-F58P-MRW3

Vulnerability from github – Published: 2021-12-20 18:17 – Updated: 2024-05-31 17:46
VLAI
Summary
Denial of Service in TenderMint
Details

Description

Denial of Service

Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. (It is a misconfiguration to reuse chainIDs.) Correct block proposers will accidentally include signatures for the wrong block if they see these signatures, and then commits won't validate, making all proposed blocks invalid. A malicious validator (even with a minimal amount of stake) can use this vulnerability to completely halt the network.

Tendermint 0.33.6 checks all the signatures are for the block with +2/3 majority before creating a commit.

False Witness

Tendermint 0.33.1 and above are no longer fully verifying commit signatures during block execution - they stop after +2/3. This means proposers can propose blocks that contain valid +2/3 signatures and then the rest of the signatures can be whatever they want. They can claim that all the other validators signed just by including a CommitSig with arbitrary signature data. While this doesn't seem to impact safety of Tendermint per se, it means that Commits may contain a lot of invalid data **.

** This was already true of blocks, since they could include invalid txs filled with garbage, but in that case the application knew that they are invalid and could punish the proposer. But since applications didn't--and don't-- verify commit signatures directly (they trust Tendermint to do that), they won't be able to detect it.

This can impact incentivization logic in the application that depends on the LastCommitInfo sent in BeginBlock, which includes which validators signed. For instance, Gaia incentivizes proposers with a bonus for including more than +2/3 of the signatures. But a proposer can now claim that bonus just by including arbitrary data for the final -1/3 of validators without actually waiting for their signatures. There may be other tricks that can be played because of this.

Tendermint 0.33.6 verifies all the signatures during block execution ***.

*** Please note that the light client does not check nil votes and exits as soon as 2/3+ of the signatures are checked.

Impact

  • All nodes
  • The network stops due to having a commit with a wrong signature.

Patches

  • v0.33.6 andn v0.34.0-dev1.0.20200702134149-480b995a3172

Workarounds

No workarounds.

References

  • https://github.com/tendermint/tendermint/issues/4926

For more information

If you have any questions or comments about this advisory: * Open an issue in tendermint/tendermint * Email us at security@tendermint.com

More information can be found here.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/tendermint/tendermint"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.33.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15091"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-24T20:49:56Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Description\n\n**Denial of Service**\n\nTendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. (It is a [misconfiguration](https://docs.tendermint.com/master/tendermint-core/using-tendermint.html) to reuse chainIDs.) Correct block proposers will accidentally include signatures for the wrong block if they see these signatures, and then commits won\u0027t validate, making all proposed blocks invalid. A malicious validator (even with a minimal amount of stake) can use this vulnerability to completely halt the network.\n\nTendermint 0.33.6 checks all the signatures are for the block with +2/3 majority before creating a commit.\n\n**False Witness**\n\nTendermint 0.33.1 and above are no longer fully verifying commit signatures during block execution - they stop after +2/3. This means proposers can propose blocks that contain valid +2/3 signatures and then the rest of the signatures can be whatever they want. They can claim that all the other validators signed just by including a CommitSig with arbitrary signature data. While this doesn\u0027t seem to impact safety of Tendermint per se, it means that Commits may contain a lot of invalid data **.\n\n_** This was already true of blocks, since they could include invalid txs filled with garbage, but in that case the application knew that they are invalid and could punish the proposer. But since applications didn\u0027t--and don\u0027t-- verify commit signatures directly (they trust Tendermint to do that), they won\u0027t be able to detect it._\n\nThis can impact incentivization logic in the application that depends on the LastCommitInfo sent in BeginBlock, which includes which validators signed. For instance, Gaia incentivizes proposers with a bonus for including more than +2/3 of the signatures. But a proposer can now claim that bonus just by including arbitrary data for the final -1/3 of validators without actually waiting for their signatures. There may be other tricks that can be played because of this.\n\nTendermint 0.33.6 verifies all the signatures during block execution ***.\n\n_*** Please note that the light client does not check nil votes and exits as soon as 2/3+ of the signatures are checked._\n\n### Impact\n\n- All nodes\n- The network stops due to having a commit with a wrong signature.\n\n### Patches\n\n- v0.33.6 andn v0.34.0-dev1.0.20200702134149-480b995a3172\n\n### Workarounds\n\nNo workarounds.\n\n### References\n\n- https://github.com/tendermint/tendermint/issues/4926\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [tendermint/tendermint](https://github.com/tendermint/tendermint)\n* Email us at [security@tendermint.com](mailto:security@tendermint.com)\n\nMore information can be found [here](https://tendermint.com/security/).",
  "id": "GHSA-6jqj-f58p-mrw3",
  "modified": "2024-05-31T17:46:56Z",
  "published": "2021-12-20T18:17:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tendermint/tendermint/security/advisories/GHSA-6jqj-f58p-mrw3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15091"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tendermint/tendermint/issues/4926"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tendermint/tendermint/pull/5426"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tendermint/tendermint/commit/480b995a31727593f58b361af979054d17d84340"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tendermint/tendermint"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tendermint/tendermint/blob/master/CHANGELOG.md#v0336"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2021-0090"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Denial of Service in TenderMint"
}

GHSA-6M7W-FFCP-F725

Vulnerability from github – Published: 2022-01-29 00:00 – Updated: 2022-04-20 00:01
VLAI
Details

A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-21134"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-28T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A firmware update vulnerability exists in the \u0026quot;update\u0026quot; firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.",
  "id": "GHSA-6m7w-ffcp-f725",
  "modified": "2022-04-20T00:01:44Z",
  "published": "2022-01-29T00:00:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21134"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1447"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6PCX-JF98-3W2H

Vulnerability from github – Published: 2026-04-16 06:31 – Updated: 2026-04-16 06:31
VLAI
Details

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_request() handlers calculating a local signature but not validating Ds_Signature from the request before accepting payment status across the Redsys, Bizum, and Google Pay gateway flows. This makes it possible for unauthenticated attackers to forge payment callback data and mark pending orders as paid when they know a valid order key and order amount, potentially allowing checkout completion and product or service fulfillment without a successful payment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5050"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-16T06:16:20Z",
    "severity": "HIGH"
  },
  "details": "The Payment Gateway for Redsys \u0026 WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_request() handlers calculating a local signature but not validating Ds_Signature from the request before accepting payment status across the Redsys, Bizum, and Google Pay gateway flows. This makes it possible for unauthenticated attackers to forge payment callback data and mark pending orders as paid when they know a valid order key and order amount, potentially allowing checkout completion and product or service fulfillment without a successful payment.",
  "id": "GHSA-6pcx-jf98-3w2h",
  "modified": "2026-04-16T06:31:23Z",
  "published": "2026-04-16T06:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5050"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3501998/woo-redsys-gateway-light"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80544889-8efc-4aa0-a690-774b1ee6a1a0?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6QHV-4H7R-2G9M

Vulnerability from github – Published: 2025-06-20 18:08 – Updated: 2025-06-27 22:02
VLAI
Summary
rfc3161-client has insufficient verification for timestamp response signatures
Details

Impact

rfc3161-client 1.0.2 and earlier contain a flaw in their timestamp response signature verification logic. In particular, it performs chain verification against the TSR's embedded certificates up to the trusted root(s), but fails to verify the TSR's own signature against the timestamping leaf certificates. Consequently, vulnerable versions perform insufficient signature validation to properly consider a TSR verified, as the attacker can introduce any TSR signature so long as the embedded leaf chains up to some root TSA.

Patches

Users should immediately upgrade to rfc3161-client 1.0.3 or later.

Workarounds

There is no workaround possible. Users should immediately upgrade to a fixed version.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.2"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "rfc3161-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-52556"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-20T18:08:40Z",
    "nvd_published_at": "2025-06-21T02:15:19Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\n`rfc3161-client` 1.0.2 and earlier contain a flaw in their timestamp response signature verification logic. In particular, it performs chain verification against the TSR\u0027s embedded certificates up to the trusted root(s), but fails to verify the TSR\u0027s own signature against the timestamping leaf certificates. Consequently, vulnerable versions perform insufficient signature validation to properly consider a TSR verified, as the attacker can introduce _any_ TSR signature so long as the embedded leaf chains up to some root TSA.\n\n### Patches\n\nUsers should immediately upgrade to `rfc3161-client` 1.0.3 or later.\n\n### Workarounds\n\nThere is no workaround possible. Users should immediately upgrade to a fixed version.",
  "id": "GHSA-6qhv-4h7r-2g9m",
  "modified": "2025-06-27T22:02:46Z",
  "published": "2025-06-20T18:08:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/rfc3161-client/security/advisories/GHSA-6qhv-4h7r-2g9m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52556"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trailofbits/rfc3161-client/commit/724a184f953e3f171f85cb223871172b41b0d0dc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/trailofbits/rfc3161-client"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "rfc3161-client has insufficient verification for timestamp response signatures"
}

GHSA-6R88-384V-FG82

Vulnerability from github – Published: 2022-05-13 01:23 – Updated: 2022-05-13 01:23
VLAI
Details

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-1498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-19T10:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.",
  "id": "GHSA-6r88-384v-fg82",
  "modified": "2022-05-13T01:23:27Z",
  "published": "2022-05-13T01:23:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1498"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=935618"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201504-01"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-18.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6V48-QPG5-FJ4M

Vulnerability from github – Published: 2023-09-13 18:31 – Updated: 2024-01-25 18:30
VLAI
Details

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.

This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20135"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-13T17:15:09Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.\n\n This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device.",
  "id": "GHSA-6v48-qpg5-fj4m",
  "modified": "2024-01-25T18:30:43Z",
  "published": "2023-09-13T18:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20135"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.