CVE-2022-24771

Improper Verification of Cryptographic Signature in node-forge

Description

Impact

RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used.

Patches

The issue has been addressed in node-forge 1.3.0.

References

For more information, please see"Bleichenbacher's RSA signature forgery based on implementation error"by Hal Finney.

For more information

If you have any questions or comments about this advisory:

Open an issue in forge
Email us at example email address

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

JavaScript

Publish Date

March 18, 2022

Modified Date

November 7, 2023

Score Vector

Affected Versions