CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1123 vulnerabilities reference this CWE, most recent first.
GHSA-GFWW-4W9G-J3MR
Vulnerability from github – Published: 2025-04-23 18:30 – Updated: 2025-04-23 18:30CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of update packages on USB drives. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24356.
{
"affected": [],
"aliases": [
"CVE-2025-2763"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-23T17:16:54Z",
"severity": "MODERATE"
},
"details": "CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of update packages on USB drives. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24356.",
"id": "GHSA-gfww-4w9g-j3mr",
"modified": "2025-04-23T18:30:59Z",
"published": "2025-04-23T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2763"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-179"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQ4H-3GRW-2RHV
Vulnerability from github – Published: 2026-05-07 20:56 – Updated: 2026-05-13 13:28CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
Summary
The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of returning an error, the normal flow would resume, and the input sighash buffer would be left untouched. In scenarios where a previous signature validation could leave a valid sighash in the buffer, an invalid hash-type could be incorrectly accepted, which would create a consensus split between Zebra and zcashd nodes.
Severity
Critical - This is a Consensus Vulnerability that could allow a malicious party to induce network partitioning, service disruption, and potential double-spend attacks against affected nodes.
Note that the impact is currently alleviated by the fact that currently most miners run zcashd.
Affected Versions
Zebra 4.3.1.
Description
Verification of transparent transactions inherits the Bitcoin Script verification code in C++, called from Zebra through a foreign function interface (FFI) with a Rust callback that computes the sighash. The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj added the missing V5 hash-type consensus check on the Rust side, returning None for undefined hash types. However, the FFI bridge only writes to the C++ sighash buffer when the callback returns Some, and the C++ checker reads that buffer unconditionally, so the failure signal is lost.
An attacker could exploit this by:
- Constructing a transparent output spent by a script that runs a valid
OP_CHECKSIGVERIFYimmediately before anOP_CHECKSIGwith an undefined hash type. - The first opcode primes the C++ sighash buffer with a valid digest; the second causes Zebra's callback to return
Nonewhile the C++ checker verifies the invalid signature against the stale digest. - Zebra accepts the spend, zcashd rejects it, creating a consensus split in the network.
Impact
Consensus Failure
- Attack Vector: Network.
- Effect: Network partition/consensus split.
- Scope: Any affected Zebra node, and any miner or template pipeline that relies on Zebra's validation result.
Fixed Versions
This issue is fixed in 4.4.0.
The fixes uses a workaround where the input buffer is filled with random bytes on validation failure, which makes signature validation fail (as expected) with overwhelming probability. This avoids a breaking release of the zcash_script crate. A future release will propagate the error correctly for a direct fix.
Mitigation
Users should upgrade to 4.4.0 or later immediately.
There are no known workarounds for this issue. Immediate upgrade is the only way to ensure the node remains on the correct consensus path and is protected against malicious chain forks.
Credits
Zebra thanks @sangsoo-osec for finding and reporting the issue.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.0.1"
},
"package": {
"ecosystem": "crates.io",
"name": "zebra-script"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "zebrad"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44497"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T20:56:21Z",
"nvd_published_at": "2026-05-08T15:17:01Z",
"severity": "CRITICAL"
},
"details": "# CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer\n\n## Summary\n\nThe fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj introduced a separate issue due to insuficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of returning an error, the normal flow would resume, and the input sighash buffer would be left untouched. In scenarios where a previous signature validation could leave a valid sighash in the buffer, an invalid hash-type could be incorrectly accepted, which would create a consensus split between Zebra and zcashd nodes.\n\n## Severity\n\n**Critical** - This is a Consensus Vulnerability that could allow a malicious party to induce network partitioning, service disruption, and potential double-spend attacks against affected nodes.\n\nNote that the impact is currently alleviated by the fact that currently most miners run `zcashd`.\n\n## Affected Versions\n\nZebra 4.3.1.\n\n## Description\n\nVerification of transparent transactions inherits the Bitcoin Script verification code in C++, called from Zebra through a foreign function interface (FFI) with a Rust callback that computes the sighash. The fix for https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-8m29-fpq5-89jj added the missing V5 hash-type consensus check on the Rust side, returning `None` for undefined hash types. However, the FFI bridge only writes to the C++ sighash buffer when the callback returns `Some`, and the C++ checker reads that buffer unconditionally, so the failure signal is lost.\n\nAn attacker could exploit this by:\n\n- Constructing a transparent output spent by a script that runs a valid `OP_CHECKSIGVERIFY` immediately before an `OP_CHECKSIG` with an undefined hash type.\n- The first opcode primes the C++ sighash buffer with a valid digest; the second causes Zebra\u0027s callback to return `None` while the C++ checker verifies the invalid signature against the stale digest.\n- Zebra accepts the spend, zcashd rejects it, creating a consensus split in the network.\n\n## Impact\n\n**Consensus Failure**\n\n- **Attack Vector:** Network.\n- **Effect:** Network partition/consensus split.\n- **Scope:** Any affected Zebra node, and any miner or template pipeline that relies on Zebra\u0027s validation result.\n\n## Fixed Versions\n\nThis issue is fixed in 4.4.0.\n\nThe fixes uses a workaround where the input buffer is filled with random bytes on validation failure, which makes signature validation fail (as expected) with overwhelming probability. This avoids a breaking release of the `zcash_script` crate. A future release will propagate the error correctly for a direct fix.\n\n## Mitigation\n\nUsers should upgrade to 4.4.0 or later immediately.\n\nThere are no known workarounds for this issue. Immediate upgrade is the only way to ensure the node remains on the correct consensus path and is protected against malicious chain forks.\n\n## Credits\n\nZebra thanks @sangsoo-osec for finding and reporting the issue.",
"id": "GHSA-gq4h-3grw-2rhv",
"modified": "2026-05-13T13:28:57Z",
"published": "2026-05-07T20:56:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-gq4h-3grw-2rhv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44497"
},
{
"type": "PACKAGE",
"url": "https://github.com/ZcashFoundation/zebra"
},
{
"type": "WEB",
"url": "https://github.com/ZcashFoundation/zebra/releases/tag/v4.4.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer"
}
GHSA-GQJ5-2XP5-3QMP
Vulnerability from github – Published: 2026-06-26 00:32 – Updated: 2026-06-30 03:37A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to impersonate any federated user linked to the affected Identity Provider, leading to unauthorized access and potential privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2026-11800"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T22:17:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to impersonate any federated user linked to the affected Identity Provider, leading to unauthorized access and potential privilege escalation.",
"id": "GHSA-gqj5-2xp5-3qmp",
"modified": "2026-06-30T03:37:14Z",
"published": "2026-06-26T00:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11800"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30083"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30084"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-11800"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487006"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11800.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GQV6-PWCG-87R8
Vulnerability from github – Published: 2026-06-19 20:47 – Updated: 2026-06-19 20:47Impact
The attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-security bindings does not mitigate the issue because the attack does not reuse the original timestamp — the fresh timestamp in the wsse:Security header is what the replay-detection logic inspects.
Patches
Fixed in CoreWCF v1.8.1 and v1.9.1
Workarounds
Ensure communication is protected by SSL/TLS to prevent capturing of signed SOAP envelope.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "CoreWCF.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "CoreWCF.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54783"
],
"database_specific": {
"cwe_ids": [
"CWE-294",
"CWE-345",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T20:47:14Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nThe attacker, with one captured signed SOAP envelope from a victim and no other privileges, can invoke arbitrary operations on the service as the victim principal for the lifetime of the captured signing key. There is no rate limit on replays. The DetectReplays setting on transport-security bindings does not mitigate the issue because the attack does not reuse the original timestamp \u2014 the fresh timestamp in the wsse:Security header is what the replay-detection logic inspects.\n\n### Patches\nFixed in CoreWCF v1.8.1 and v1.9.1\n\n### Workarounds\nEnsure communication is protected by SSL/TLS to prevent capturing of signed SOAP envelope.",
"id": "GHSA-gqv6-pwcg-87r8",
"modified": "2026-06-19T20:47:14Z",
"published": "2026-06-19T20:47:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-gqv6-pwcg-87r8"
},
{
"type": "PACKAGE",
"url": "https://github.com/CoreWCF/CoreWCF"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages"
}
GHSA-GQX7-6552-67HF
Vulnerability from github – Published: 2026-05-15 18:30 – Updated: 2026-06-08 23:31Impact
An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects u ri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge response to the attacker's encryption key and POSTs it to the attacker's auth endpoint. This captures the signed authentication material.
Patches
Workarounds
None.
Resources
- MS-OVIVA-EPA4ALL-d453c1
Credits
Machine Spirits (contact@machinespirits.de)
- Dr. rer. nat. Simon Weber
- Dipl.-Inf. Volker Schönefeld
- Chiara Fliegner
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.oviva.telematik:epa4all-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45575"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-15T18:30:48Z",
"nvd_published_at": "2026-05-26T21:16:40Z",
"severity": "HIGH"
},
"details": "### Impact\nAn attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects u ri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge response to the attacker\u0027s encryption key and POSTs it to the attacker\u0027s auth endpoint. This captures the signed authentication material.\n\n### Patches\n[#36](https://github.com/oviva-ag/epa4all-client/pull/36)\n\n### Workarounds\nNone.\n\n### Resources\n- MS-OVIVA-EPA4ALL-d453c1\n\n### Credits\n[Machine Spirits](https://machinespirits.com/) ([contact@machinespirits.de](mailto:contact@machinespirits.de))\n\n- Dr. rer. nat. Simon Weber\n- Dipl.-Inf. Volker Sch\u00f6nefeld\n- Chiara Fliegner",
"id": "GHSA-gqx7-6552-67hf",
"modified": "2026-06-08T23:31:26Z",
"published": "2026-05-15T18:30:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/oviva-ag/epa4all-client/security/advisories/GHSA-gqx7-6552-67hf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45575"
},
{
"type": "WEB",
"url": "https://github.com/oviva-ag/epa4all-client/pull/36"
},
{
"type": "WEB",
"url": "https://github.com/oviva-ag/epa4all-client/commit/9111d6fbb939007036a7f74b2a93bb278cb5af32"
},
{
"type": "PACKAGE",
"url": "https://github.com/oviva-ag/epa4all-client"
},
{
"type": "WEB",
"url": "https://github.com/oviva-ag/epa4all-client/releases/tag/v1.2.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client"
}
GHSA-GRR5-2XQC-RXR6
Vulnerability from github – Published: 2023-08-02 18:30 – Updated: 2024-04-04 06:29The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2023-38418"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-02T16:15:10Z",
"severity": "HIGH"
},
"details": "\nThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-grr5-2xqc-rxr6",
"modified": "2024-04-04T06:29:54Z",
"published": "2023-08-02T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38418"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000134746"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GVC7-GJRW-HJ65
Vulnerability from github – Published: 2024-01-19 21:30 – Updated: 2026-01-22 20:52Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-55xh-53m6-936r. This link is maintained to preserve external references.
Original Description
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.amazonaws:aws-encryption-sdk-java"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.amazonaws:aws-encryption-sdk-java"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-23T14:36:13Z",
"nvd_published_at": "2024-01-19T21:15:10Z",
"severity": "MODERATE"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-55xh-53m6-936r. This link is maintained to preserve external references.\n\n## Original Description\nAWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.",
"id": "GHSA-gvc7-gjrw-hj65",
"modified": "2026-01-22T20:52:18Z",
"published": "2024-01-19T21:30:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/aws-encryption-sdk-java/security/advisories/GHSA-55xh-53m6-936r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23680"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-55xh-53m6-936r"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/aws-encryption-sdk-java"
},
{
"type": "WEB",
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-55xh-53m6-936r"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java",
"withdrawn": "2026-01-22T20:52:18Z"
}
GHSA-GVPQ-95J2-MC36
Vulnerability from github – Published: 2024-05-01 18:30 – Updated: 2026-02-17 21:31A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2.
{
"affected": [],
"aliases": [
"CVE-2024-23480"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T17:15:29Z",
"severity": "HIGH"
},
"details": "A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2.",
"id": "GHSA-gvpq-95j2-mc36",
"modified": "2026-02-17T21:31:12Z",
"published": "2024-05-01T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23480"
},
{
"type": "WEB",
"url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023?applicable_category=macos\u0026applicable_version=4.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GVXJ-MGW2-9VG3
Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2025-04-20 03:50An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.
{
"affected": [],
"aliases": [
"CVE-2017-17848"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-27T17:08:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.",
"id": "GHSA-gvxj-mgw2-9vg3",
"modified": "2025-04-20T03:50:29Z",
"published": "2022-05-14T01:01:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17848"
},
{
"type": "WEB",
"url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired"
},
{
"type": "WEB",
"url": "https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00333.html"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/enigmail/bugs/709"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4070"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GWJP-78RH-PCGC
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.
{
"affected": [],
"aliases": [
"CVE-2021-20487"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-26T17:15:00Z",
"severity": "CRITICAL"
},
"details": "IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.",
"id": "GHSA-gwjp-78rh-pcgc",
"modified": "2022-05-24T19:03:20Z",
"published": "2022-05-24T19:03:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20487"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/197730"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6455911"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.