CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1128 vulnerabilities reference this CWE, most recent first.
GHSA-5PXH-5P72-WVCM
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
{
"affected": [],
"aliases": [
"CVE-2021-28091"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-04T15:15:00Z",
"severity": "HIGH"
},
"details": "Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.",
"id": "GHSA-5pxh-5p72-wvcm",
"modified": "2022-05-24T19:04:06Z",
"published": "2022-05-24T19:04:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28091"
},
{
"type": "WEB",
"url": "https://git.entrouvert.org/lasso.git/commit/?id=076a37d7f0eb74001127481da2d355683693cde9"
},
{
"type": "WEB",
"url": "https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SI4YAQF4VEV2KHQ6OXXZL7CJK7IZQ3EG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSVWOHBBWLI2RB5C6TXINFEJRT4YSD3D"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4926"
},
{
"type": "WEB",
"url": "http://listes.entrouvert.com/arc/lasso"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5Q2R-92F9-4M49
Vulnerability from github – Published: 2021-08-25 20:56 – Updated: 2021-10-27 17:03Impact
The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum threshold of unique keys before the metadata is considered valid.
AWS would like to thank Erick Tryzelaar of the Google Fuchsia Team for reporting this issue.
Patches
A fix is available in version 0.7.1.
Workarounds
No workarounds to this issue are known.
References
CVE-2020-6174 is assigned to the same issue in the TUF reference implementation.
https://github.com/theupdateframework/tuf/pull/974 https://nvd.nist.gov/vuln/detail/CVE-2020-6174
For more information
If you have any questions or comments about this advisory, contact AWS Security at aws-security@amazon.com.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "tough"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-15093"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-18T20:40:25Z",
"nvd_published_at": "2020-07-09T19:15:00Z",
"severity": "HIGH"
},
"details": "## Impact\n\nThe tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum threshold of unique keys before the metadata is considered valid.\n\nAWS would like to thank Erick Tryzelaar of the Google Fuchsia Team for reporting this issue. \n\n## Patches\n\nA fix is available in version 0.7.1.\n\n## Workarounds\n\nNo workarounds to this issue are known.\n\n## References\n\nCVE-2020-6174 is assigned to the same issue in the TUF reference implementation.\n\nhttps://github.com/theupdateframework/tuf/pull/974\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6174\n\n## For more information\n\nIf you have any questions or comments about this advisory, [contact AWS Security](https://aws.amazon.com/security/vulnerability-reporting/) at [aws-security@amazon.com](mailto:aws-security@amazon.com).",
"id": "GHSA-5q2r-92f9-4m49",
"modified": "2021-10-27T17:03:38Z",
"published": "2021-08-25T20:56:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/awslabs/tough/security/advisories/GHSA-5q2r-92f9-4m49"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15093"
},
{
"type": "WEB",
"url": "https://github.com/theupdateframework/tuf/pull/974"
},
{
"type": "WEB",
"url": "https://github.com/theupdateframework/tuf/commit/2977188139d065ff3356c3cb4aec60c582b57e0e"
},
{
"type": "PACKAGE",
"url": "https://github.com/awslabs/tough"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper verification of signature threshold in tough"
}
GHSA-5RC8-V3HV-CQCG
Vulnerability from github – Published: 2023-02-28 18:30 – Updated: 2023-03-06 21:30In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041
{
"affected": [],
"aliases": [
"CVE-2023-20940"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-28T17:15:00Z",
"severity": "HIGH"
},
"details": "In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041",
"id": "GHSA-5rc8-v3hv-cqcg",
"modified": "2023-03-06T21:30:19Z",
"published": "2023-02-28T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20940"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-02-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RH9-JC57-95MR
Vulnerability from github – Published: 2024-01-31 21:31 – Updated: 2026-01-15 18:31A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.
{
"affected": [],
"aliases": [
"CVE-2024-21917"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-31T19:15:08Z",
"severity": "CRITICAL"
},
"details": "A vulnerability exists in Rockwell Automation FactoryTalk\u00ae Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. \u00a0If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.",
"id": "GHSA-5rh9-jc57-95mr",
"modified": "2026-01-15T18:31:25Z",
"published": "2024-01-31T21:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21917"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1660.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5RHG-XHGR-5HFJ
Vulnerability from github – Published: 2022-12-28 03:30 – Updated: 2025-04-11 23:46XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/RobotsAndPencils/go-saml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.0-20170520135329-fb13cb52a46b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-36563"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T19:48:02Z",
"nvd_published_at": "2022-12-28T03:15:00Z",
"severity": "MODERATE"
},
"details": "XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input.",
"id": "GHSA-5rhg-xhgr-5hfj",
"modified": "2025-04-11T23:46:44Z",
"published": "2022-12-28T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36563"
},
{
"type": "WEB",
"url": "https://github.com/RobotsAndPencils/go-saml/pull/38"
},
{
"type": "WEB",
"url": "https://github.com/RobotsAndPencils/go-saml/commit/4a1b1f5752a029e171965e0510a425d0fdd1eced"
},
{
"type": "PACKAGE",
"url": "https://github.com/RobotsAndPencils/go-saml"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2020-0047"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "go-saml\u0027s XML Digital Signatures use SHA-1"
}
GHSA-5RHM-55RH-PVVP
Vulnerability from github – Published: 2022-05-14 03:46 – Updated: 2025-04-20 03:48shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
{
"affected": [],
"aliases": [
"CVE-2017-16852"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-16T17:29:00Z",
"severity": "HIGH"
},
"details": "shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.",
"id": "GHSA-5rhm-55rh-pvvp",
"modified": "2025-04-20T03:48:33Z",
"published": "2022-05-14T03:46:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16852"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/881857"
},
{
"type": "WEB",
"url": "https://git.shibboleth.net/view/?p=cpp-sp.git%3Ba=commit%3Bh=b66cceb0e992c351ad5e2c665229ede82f261b16"
},
{
"type": "WEB",
"url": "https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00025.html"
},
{
"type": "WEB",
"url": "https://shibboleth.net/community/advisories/secadv_20171115.txt"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4038"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5VFQ-RV44-C5FF
Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2025-05-28 18:33By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
{
"affected": [],
"aliases": [
"CVE-2022-38177"
],
"database_specific": {
"cwe_ids": [
"CWE-347",
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-21T11:15:00Z",
"severity": "HIGH"
},
"details": "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
"id": "GHSA-5vfq-rv44-c5ff",
"modified": "2025-05-28T18:33:05Z",
"published": "2022-09-22T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38177"
},
{
"type": "WEB",
"url": "https://kb.isc.org/docs/cve-2022-38177"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20221228-0010"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5235"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/09/21/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5VHG-9XG4-CV9M
Vulnerability from github – Published: 2025-06-30 17:44 – Updated: 2025-07-01 13:13Summary
A malicious JSON-stringifyable message can be made passing on verify(), when global Buffer is buffer package
Details
This affects only environments where require('buffer') is https://npmjs.com/buffer
E.g.: browser bundles, React Native apps, etc.
Buffer.isBuffer check can be bypassed, resulting in strange objects being accepted as message, and those messages could trick verify() into returning false-positive true values
v2.x is unaffected as it verifies input to be an actual Uint8Array instance
Such a message can be constructed for any already known message/signature pair There are some restrictions though (also depending on the known message/signature), but not very limiting, see PoC for example
https://github.com/bitcoinjs/tiny-secp256k1/pull/140 is a subtle fix for this
PoC
This code deliberately doesn't provide reencode for now, could be updated later
import { randomBytes } from 'crypto'
import tiny from 'tiny-secp256k1' // 1.1.6
// Random keypair
const privateKey = randomBytes(32)
const publicKey = tiny.pointFromScalar(privateKey)
const valid = Buffer.alloc(32).fill(255) // let's sign a static buffer
const signature = tiny.sign(valid, privateKey)
// Prevent processing any unverified data by fail-closed throwing
function verified(data, signature) {
if (!Buffer.isBuffer(data)) data = Buffer.from(data, 'hex')
if (!tiny.verify(data, publicKey, signature)) throw new Error('Signature invalid!')
return new Uint8Array(data)
}
function safeProcess(payload) {
const totally = JSON.parse(payload) // e.g. json over network
const message = verified(totally, signature)
console.log(message instanceof Uint8Array)
console.log(Buffer.from(message).toString('utf8'))
}
const payload = reencode(valid, "Secure contain protect")
safeProcess(payload)
Output (after being bundled):
true
Secure contain protect����
Impact
Malicious messages could crafted to be verified from a given known valid message/signature pair
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.1.6"
},
"package": {
"ecosystem": "npm",
"name": "tiny-secp256k1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-49365"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-30T17:44:14Z",
"nvd_published_at": "2025-07-01T03:15:21Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA malicious JSON-stringifyable message can be made passing on `verify()`, when global Buffer is [`buffer` package](https://www.npmjs.com/package/buffer)\n\n### Details\n\nThis affects only environments where `require(\u0027buffer\u0027)` is \u003chttps://npmjs.com/buffer\u003e\nE.g.: browser bundles, React Native apps, etc.\n\n`Buffer.isBuffer` check can be bypassed, resulting in strange objects being accepted as `message`, and those messages could trick `verify()` into returning false-positive `true` values\n\nv2.x is unaffected as it verifies input to be an actual `Uint8Array` instance\n\nSuch a message can be constructed for any already known message/signature pair\nThere are some restrictions though (also depending on the known message/signature), but not very limiting, see PoC for example\n\nhttps://github.com/bitcoinjs/tiny-secp256k1/pull/140 is a subtle fix for this\n\n### PoC\n\nThis code deliberately doesn\u0027t provide `reencode` for now, could be updated later\n\n```js\nimport { randomBytes } from \u0027crypto\u0027\nimport tiny from \u0027tiny-secp256k1\u0027 // 1.1.6\n\n// Random keypair\nconst privateKey = randomBytes(32)\nconst publicKey = tiny.pointFromScalar(privateKey)\n\nconst valid = Buffer.alloc(32).fill(255) // let\u0027s sign a static buffer\nconst signature = tiny.sign(valid, privateKey)\n\n// Prevent processing any unverified data by fail-closed throwing\nfunction verified(data, signature) {\n if (!Buffer.isBuffer(data)) data = Buffer.from(data, \u0027hex\u0027)\n if (!tiny.verify(data, publicKey, signature)) throw new Error(\u0027Signature invalid!\u0027)\n return new Uint8Array(data)\n}\n\nfunction safeProcess(payload) {\n const totally = JSON.parse(payload) // e.g. json over network\n\n const message = verified(totally, signature)\n console.log(message instanceof Uint8Array)\n console.log(Buffer.from(message).toString(\u0027utf8\u0027)) \n}\n\nconst payload = reencode(valid, \"Secure contain protect\")\nsafeProcess(payload)\n```\n\nOutput (after being bundled):\n```console\ntrue\nSecure contain protect\ufffd\ufffd\ufffd\ufffd\n```\n\n### Impact\n\nMalicious messages could crafted to be verified from a given known valid message/signature pair",
"id": "GHSA-5vhg-9xg4-cv9m",
"modified": "2025-07-01T13:13:38Z",
"published": "2025-06-30T17:44:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-5vhg-9xg4-cv9m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49365"
},
{
"type": "WEB",
"url": "https://github.com/bitcoinjs/tiny-secp256k1/pull/140"
},
{
"type": "PACKAGE",
"url": "https://github.com/bitcoinjs/tiny-secp256k1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "tiny-secp256k1 allows for verify() bypass when running in bundled environment"
}
GHSA-5W25-HXP5-H8C9
Vulnerability from github – Published: 2021-06-21 17:12 – Updated: 2026-01-23 22:42Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-7r96-8g3x-g36m. This link is maintained to preserve external references.
Original Description
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the verifyWithMessage method of tEnvoyNaClSigningKey always returns true for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In tenvoy.js under the verifyWithMessage method definition within the tEnvoyNaClSigningKey class, ensure that the return statement call to this.verify ends in .verified.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "tenvoy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-17T18:47:52Z",
"nvd_published_at": "2021-06-16T01:15:00Z",
"severity": "CRITICAL"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-7r96-8g3x-g36m. This link is maintained to preserve external references.\n\n## Original Description\ntEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`.",
"id": "GHSA-5w25-hxp5-h8c9",
"modified": "2026-01-23T22:42:00Z",
"published": "2021-06-21T17:12:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TogaTech/tEnvoy/security/advisories/GHSA-7r96-8g3x-g36m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32685"
},
{
"type": "WEB",
"url": "https://github.com/TogaTech/tEnvoy/commit/a121b34a45e289d775c62e58841522891dee686b"
},
{
"type": "WEB",
"url": "https://github.com/TogaTech/tEnvoy/releases/tag/v7.0.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Improper Verification of Cryptographic Signature",
"withdrawn": "2026-01-23T22:42:00Z"
}
GHSA-5WJQ-9MM7-CCM8
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.
{
"affected": [],
"aliases": [
"CVE-2018-16557"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-13T16:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions \u003c V6.0.9), SIMATIC S7-410 (All versions \u003c V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.",
"id": "GHSA-5wjq-9mm7-ccm8",
"modified": "2022-05-13T01:16:11Z",
"published": "2022-05-13T01:16:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16557"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.