CVE-2022-24772

Improper Verification of Cryptographic Signature in node-forge

Description

Impact

RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used.

Patches

The issue has been addressed in node-forge 1.3.0.

References

For more information, please see"Bleichenbacher's RSA signature forgery based on implementation error"by Hal Finney.

For more information

If you have any questions or comments about this advisory:

Open an issue in forge
Email us at example email address

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

JavaScript

Publish Date

March 18, 2022

Modified Date

November 7, 2023

Score Vector

Affected Versions