All vulnerabilities
CVE-2022-24773
Improper Verification of Cryptographic Signature in `node-forge`
Description
Impact
RSA PKCS#1 v1.5 signature verification code is not properly checking DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
Patches
The issue has been addressed in node-forge 1.3.0.
For more information
If you have any questions or comments about this advisory:
- Open an issue in forge
- Email us at example email address
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
Severity
Ecosystem
JavaScript
Publish Date
March 18, 2022
Modified Date
November 7, 2023
Score Vector
Affected Versions
