CWE-354
AllowedImproper Validation of Integrity Check Value
Abstraction: Base · Status: Draft
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
231 vulnerabilities reference this CWE, most recent first.
GHSA-22G2-GPW7-9PQH
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.
{
"affected": [],
"aliases": [
"CVE-2020-28656"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-16T04:15:00Z",
"severity": "HIGH"
},
"details": "The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.",
"id": "GHSA-22g2-gpw7-9pqh",
"modified": "2022-05-24T17:34:19Z",
"published": "2022-05-24T17:34:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28656"
},
{
"type": "WEB",
"url": "https://www.contextis.com/en/blog/a-code-signing-bypass-for-the-vw-polo"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2326-HX7G-3M9R
Vulnerability from github – Published: 2024-08-12 18:30 – Updated: 2025-03-27 23:38Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack
The mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.sshd:sshd-common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.12.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-41909"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-12T19:52:15Z",
"nvd_published_at": "2024-08-12T16:15:15Z",
"severity": "HIGH"
},
"details": "Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with a connection for which \nsome security features have been downgraded or disabled, aka a Terrapin \nattack\n\nThe mitigations to prevent this type of attack were implemented in Apache MINA SSHD 2.12.0, both client and server side. Users are recommended to upgrade to at least this version. Note that both the client and the server implementation must have mitigations applied against this issue, otherwise the connection may still be affected.",
"id": "GHSA-2326-hx7g-3m9r",
"modified": "2025-03-27T23:38:06Z",
"published": "2024-08-12T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41909"
},
{
"type": "WEB",
"url": "https://github.com/apache/mina-sshd/issues/445"
},
{
"type": "WEB",
"url": "https://github.com/apache/mina-sshd/pull/449"
},
{
"type": "WEB",
"url": "https://github.com/apache/mina-sshd/commit/315739e4e9d1dc7a4ff32ea64936982ed0b73e76"
},
{
"type": "WEB",
"url": "https://github.com/apache/mina-sshd/commit/6b0fd46f64bcb75eeeee31d65f10242660aad7c1"
},
{
"type": "WEB",
"url": "https://github.com/apache/mina-sshd/commit/7b2c781640a7a78a9455b86593a1f63c9e8cab92"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/mina-sshd"
},
{
"type": "WEB",
"url": "https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241011-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache MINA SSHD: integrity check bypass"
}
GHSA-276F-6JM7-647M
Vulnerability from github – Published: 2024-05-02 15:30 – Updated: 2026-02-17 18:32An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.
{
"affected": [],
"aliases": [
"CVE-2024-23461"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-02T13:23:06Z",
"severity": "MODERATE"
},
"details": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4.",
"id": "GHSA-276f-6jm7-647m",
"modified": "2026-02-17T18:32:54Z",
"published": "2024-05-02T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23461"
},
{
"type": "WEB",
"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos\u0026applicable_version=3.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29GQ-WQ8X-VFCR
Vulnerability from github – Published: 2023-02-02 18:30 – Updated: 2025-03-26 21:30The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.
{
"affected": [],
"aliases": [
"CVE-2023-23120"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-02T17:17:00Z",
"severity": "MODERATE"
},
"details": "The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.",
"id": "GHSA-29gq-wq8x-vfcr",
"modified": "2025-03-26T21:30:34Z",
"published": "2023-02-02T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23120"
},
{
"type": "WEB",
"url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HJl1oFzci"
},
{
"type": "WEB",
"url": "https://hackmd.io/@slASVrz_SrW7NQCsunofeA/HJl1oFzci"
},
{
"type": "WEB",
"url": "https://www.trendnet.com/support"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2GG4-V645-J922
Vulnerability from github – Published: 2024-05-02 15:30 – Updated: 2026-02-19 21:30An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.
{
"affected": [],
"aliases": [
"CVE-2023-41970"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-02T13:23:06Z",
"severity": "MODERATE"
},
"details": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62.",
"id": "GHSA-2gg4-v645-j922",
"modified": "2026-02-19T21:30:41Z",
"published": "2024-05-02T15:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41970"
},
{
"type": "WEB",
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=windows\u0026applicable_version=4.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2MHV-M6H4-3H94
Vulnerability from github – Published: 2023-07-11 18:31 – Updated: 2024-04-04 06:00Improper privilege management in Zoom Rooms before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2023-36537"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-11T18:15:20Z",
"severity": "HIGH"
},
"details": " Improper privilege management in Zoom Rooms before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\n",
"id": "GHSA-2mhv-m6h4-3h94",
"modified": "2024-04-04T06:00:12Z",
"published": "2023-07-11T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36537"
},
{
"type": "WEB",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-2XRG-FW6R-W46H
Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2022-08-20 00:00An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user.
{
"affected": [],
"aliases": [
"CVE-2022-29549"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-18T13:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate programs). Also, the vendor recommendation is to install this agent software with root privileges. Thus, privilege escalation is possible on systems where any of these pathnames is controlled by a non-root user. An example is /opt/firebird/bin/isql, where the /opt/firebird directory is often owned by the firebird user.",
"id": "GHSA-2xrg-fw6r-w46h",
"modified": "2022-08-20T00:00:40Z",
"published": "2022-08-19T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29549"
},
{
"type": "WEB",
"url": "https://blog.qualys.com/product-tech/2022/08/15/qualys-security-updates-cloud-agent-for-linux"
},
{
"type": "WEB",
"url": "https://blog.qualys.com/vulnerabilities-threat-research"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/168367/Qualys-Cloud-Agent-Arbitrary-Code-Execution.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Sep/10"
},
{
"type": "WEB",
"url": "http://software.firstworks.com/p/getting-started-with-firebird.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-333W-GRM8-FGCG
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.
{
"affected": [],
"aliases": [
"CVE-2021-22276"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.",
"id": "GHSA-333w-grm8-fgcg",
"modified": "2022-05-24T19:15:31Z",
"published": "2022-05-24T19:15:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22276"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A6475\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-346H-749J-R28W
Vulnerability from github – Published: 2024-04-25 18:31 – Updated: 2024-04-25 18:31ECDSA Canonicalization
PHPECC is vulnerable to malleable ECDSA signature attacks.
Constant-Time Signer
When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library (GMP), which does not aim to provide constant-time implementations of algorithms.
An attacker capable of triggering many signatures and studying the time it takes to perform each operation would be able to leak the secret number, k, and thereby learn the private key.
EcDH Timing Leaks
When calculating a shared secret using the EcDH class, the scalar-point multiplication is based on the arithmetic defined by the Point class.
Even though the library implements a Montgomery ladder, the add(), mul(), and getDouble() methods on the Point class are not constant-time. This means that your ECDH private keys are leaking information about each bit of your private key through a timing side-channel.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "mdanter/ecc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-354"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-25T18:31:58Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### ECDSA Canonicalization\n\nPHPECC is vulnerable to malleable ECDSA signature attacks. \n\n### Constant-Time Signer\n\nWhen generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library (GMP), which does not aim to provide constant-time implementations of algorithms.\n\nAn attacker capable of triggering many signatures and studying the time it takes to perform each operation would be able to leak the secret number, `k`, and thereby learn the private key.\n\n### EcDH Timing Leaks\n\nWhen calculating a shared secret using the `EcDH` class, the scalar-point multiplication is based on the arithmetic defined by the `Point` class.\n\nEven though the library implements a Montgomery ladder, the `add()`, `mul()`, and `getDouble()` methods on the `Point` class are not constant-time. This means that your ECDH private keys are leaking information about each bit of your private key through a timing side-channel.",
"id": "GHSA-346h-749j-r28w",
"modified": "2024-04-25T18:31:58Z",
"published": "2024-04-25T18:31:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mdanter/ecc/2024-04-24.yaml"
},
{
"type": "WEB",
"url": "https://github.com/paragonie/phpecc/releases/tag/v2.0.0"
},
{
"type": "PACKAGE",
"url": "https://github.com/phpecc/phpecc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "PHPECC vulnerable to multiple cryptographic side-channel attacks"
}
GHSA-346Q-RM44-2J2V
Vulnerability from github – Published: 2023-09-13 18:31 – Updated: 2024-01-25 18:30A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.
{
"affected": [],
"aliases": [
"CVE-2023-20233"
],
"database_specific": {
"cwe_ids": [
"CWE-354",
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-13T17:15:09Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\n This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.",
"id": "GHSA-346q-rm44-2j2v",
"modified": "2024-01-25T18:30:44Z",
"published": "2023-09-13T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20233"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.
CAPEC-145: Checksum Spoofing
An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-75: Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.