CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1121 vulnerabilities reference this CWE, most recent first.
GHSA-HFCF-V2F8-X9PC
Vulnerability from github – Published: 2026-05-08 17:43 – Updated: 2026-05-15 23:49Summary
ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java.
In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify that the public key is the one committed to by the output being spent. As a result, any attacker keypair can satisfy bitcoinj's local verification for arbitrary P2PKH and P2WPKH outputs.
This doesn't affect the SPV (simple payment verification) trust model, as this model follows PoW and doesn't verify input signatures at all.
Details
The issue is in the optimized branches of ScriptExecution.correctlySpends(...).
In the P2PKH fast path at core/src/main/java/org/bitcoinj/script/ScriptExecution.java:1042, the code:
- parses the attacker-supplied signature from
scriptSig - parses the attacker-supplied public key from
scriptSig - computes the sighash against the victim output's
scriptPubKey - checks only
pubkey.verify(sigHash, signature)
It never enforces the missing P2PKH binding:
HASH160(pubkey) == ScriptPattern.extractHashFromP2PKH(scriptPubKey)
That means the OP_DUP OP_HASH160 <hash> OP_EQUALVERIFY OP_CHECKSIG semantics are not actually enforced in this fast path.
Relevant code:
} else if (ScriptPattern.isP2PKH(scriptPubKey)) {
if (chunks.size() != 2)
throw new ScriptException(...);
TransactionSignature signature;
try {
byte[] data = Objects.requireNonNull(chunks.get(0).data);
signature = TransactionSignature.decodeFromBitcoin(data, true, true);
} catch (SignatureDecodeException x) {
throw new ScriptException(...);
}
ECKey pubkey = ECKey.fromPublicOnly(Objects.requireNonNull(chunks.get(1).data));
Sha256Hash sigHash = txContainingThis.hashForSignature(scriptSigIndex, scriptPubKey,
signature.sigHashMode(), false);
boolean validSig = pubkey.verify(sigHash, signature);
if (!validSig)
throw new ScriptException(...);
}
In the native P2WPKH fast path at core/src/main/java/org/bitcoinj/script/ScriptExecution.java:1023, the bug is similar. The code:
- reads the attacker-supplied pubkey from
witness - builds
scriptCodefrom that attacker pubkey withScriptBuilder.createP2PKHOutputScript(pubkey) - computes the BIP143 sighash using that attacker-derived
scriptCode - verifies the signature against the attacker pubkey
It never enforces:
HASH160(pubkey) == ScriptPattern.extractHashFromP2WH(scriptPubKey)
So for P2WPKH, the attacker controls both the pubkey and the scriptCode used for signing.
Relevant code:
if (ScriptPattern.isP2WPKH(scriptPubKey)) {
Objects.requireNonNull(witness);
if (witness.getPushCount() < 2)
throw new ScriptException(...);
TransactionSignature signature;
try {
signature = TransactionSignature.decodeFromBitcoin(witness.getPush(0), true, true);
} catch (SignatureDecodeException x) {
throw new ScriptException(...);
}
ECKey pubkey = ECKey.fromPublicOnly(witness.getPush(1));
Script scriptCode = ScriptBuilder.createP2PKHOutputScript(pubkey);
Sha256Hash sigHash = txContainingThis.hashForWitnessSignature(scriptSigIndex, scriptCode, value,
signature.sigHashMode(), false);
boolean validSig = pubkey.verify(sigHash, signature);
if (!validSig)
throw new ScriptException(...);
}
Affected call sites include:
core/src/main/java/org/bitcoinj/core/TransactionInput.java:546core/src/main/java/org/bitcoinj/wallet/Wallet.java:4520core/src/main/java/org/bitcoinj/signers/LocalTransactionSigner.java:84core/src/main/java/org/bitcoinj/signers/CustomTransactionSigner.java:77
These call sites use correctlySpends() for transaction/input validation and pre-signing checks. Any application that treats a successful result from this path as proof that a spend is valid is affected.
Fix
The issue is fixed on the release-0.17 branch via 2bc5653c41d260d840692bc554690d4d79208f9c, and on master via b575a682acf614b9ff95cacbdeb48f86c3ababe0. A 0.17.1 maintenance release has been made available on Maven Central.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.bitcoinj:bitcoinj-core"
},
"ranges": [
{
"events": [
{
"introduced": "0.15"
},
{
"fixed": "0.17.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44714"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T17:43:06Z",
"nvd_published_at": "2026-05-15T17:16:47Z",
"severity": "HIGH"
},
"details": "### Summary\n`ScriptExecution.correctlySpends()` contains two fast-path verification bugs for standard `P2PKH` and native `P2WPKH` spends in `core/src/main/java/org/bitcoinj/script/ScriptExecution.java`.\n\nIn both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify that the public key is the one committed to by the output being spent. As a result, any attacker keypair can satisfy bitcoinj\u0027s local verification for arbitrary `P2PKH` and `P2WPKH` outputs.\n\nThis doesn\u0027t affect the SPV (simple payment verification) trust model, as this model follows PoW and doesn\u0027t verify input signatures at all.\n\n### Details\nThe issue is in the optimized branches of `ScriptExecution.correctlySpends(...)`.\n\nIn the `P2PKH` fast path at `core/src/main/java/org/bitcoinj/script/ScriptExecution.java:1042`, the code:\n\n- parses the attacker-supplied signature from `scriptSig`\n- parses the attacker-supplied public key from `scriptSig`\n- computes the sighash against the victim output\u0027s `scriptPubKey`\n- checks only `pubkey.verify(sigHash, signature)`\n\nIt never enforces the missing `P2PKH` binding:\n\n- `HASH160(pubkey) == ScriptPattern.extractHashFromP2PKH(scriptPubKey)`\n\nThat means the `OP_DUP OP_HASH160 \u003chash\u003e OP_EQUALVERIFY OP_CHECKSIG` semantics are not actually enforced in this fast path.\n\nRelevant code:\n\n```java\n} else if (ScriptPattern.isP2PKH(scriptPubKey)) {\n if (chunks.size() != 2)\n throw new ScriptException(...);\n TransactionSignature signature;\n try {\n byte[] data = Objects.requireNonNull(chunks.get(0).data);\n signature = TransactionSignature.decodeFromBitcoin(data, true, true);\n } catch (SignatureDecodeException x) {\n throw new ScriptException(...);\n }\n ECKey pubkey = ECKey.fromPublicOnly(Objects.requireNonNull(chunks.get(1).data));\n Sha256Hash sigHash = txContainingThis.hashForSignature(scriptSigIndex, scriptPubKey,\n signature.sigHashMode(), false);\n boolean validSig = pubkey.verify(sigHash, signature);\n if (!validSig)\n throw new ScriptException(...);\n}\n```\n\nIn the native `P2WPKH` fast path at `core/src/main/java/org/bitcoinj/script/ScriptExecution.java:1023`, the bug is similar. The code:\n\n- reads the attacker-supplied pubkey from `witness`\n- builds `scriptCode` from that attacker pubkey with `ScriptBuilder.createP2PKHOutputScript(pubkey)`\n- computes the BIP143 sighash using that attacker-derived `scriptCode`\n- verifies the signature against the attacker pubkey\n\nIt never enforces:\n\n- `HASH160(pubkey) == ScriptPattern.extractHashFromP2WH(scriptPubKey)`\n\nSo for `P2WPKH`, the attacker controls both the pubkey and the `scriptCode` used for signing.\n\nRelevant code:\n\n```java\nif (ScriptPattern.isP2WPKH(scriptPubKey)) {\n Objects.requireNonNull(witness);\n if (witness.getPushCount() \u003c 2)\n throw new ScriptException(...);\n TransactionSignature signature;\n try {\n signature = TransactionSignature.decodeFromBitcoin(witness.getPush(0), true, true);\n } catch (SignatureDecodeException x) {\n throw new ScriptException(...);\n }\n ECKey pubkey = ECKey.fromPublicOnly(witness.getPush(1));\n Script scriptCode = ScriptBuilder.createP2PKHOutputScript(pubkey);\n Sha256Hash sigHash = txContainingThis.hashForWitnessSignature(scriptSigIndex, scriptCode, value,\n signature.sigHashMode(), false);\n boolean validSig = pubkey.verify(sigHash, signature);\n if (!validSig)\n throw new ScriptException(...);\n}\n```\n\nAffected call sites include:\n\n- `core/src/main/java/org/bitcoinj/core/TransactionInput.java:546`\n- `core/src/main/java/org/bitcoinj/wallet/Wallet.java:4520`\n- `core/src/main/java/org/bitcoinj/signers/LocalTransactionSigner.java:84`\n- `core/src/main/java/org/bitcoinj/signers/CustomTransactionSigner.java:77`\n\nThese call sites use `correctlySpends()` for transaction/input validation and pre-signing checks. Any application that treats a successful result from this path as proof that a spend is valid is affected.\n\n### Fix\nThe issue is fixed on the `release-0.17` branch via 2bc5653c41d260d840692bc554690d4d79208f9c, and on `master` via b575a682acf614b9ff95cacbdeb48f86c3ababe0. A 0.17.1 maintenance release has been made available on Maven Central.",
"id": "GHSA-hfcf-v2f8-x9pc",
"modified": "2026-05-15T23:49:51Z",
"published": "2026-05-08T17:43:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/bitcoinj/bitcoinj/security/advisories/GHSA-hfcf-v2f8-x9pc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44714"
},
{
"type": "WEB",
"url": "https://github.com/bitcoinj/bitcoinj/commit/2bc5653c41d260d840692bc554690d4d79208f9c"
},
{
"type": "WEB",
"url": "https://github.com/bitcoinj/bitcoinj/commit/b575a682acf614b9ff95cacbdeb48f86c3ababe0"
},
{
"type": "PACKAGE",
"url": "https://github.com/bitcoinj/bitcoinj"
},
{
"type": "WEB",
"url": "https://github.com/bitcoinj/bitcoinj/releases/tag/v0.17.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass"
}
GHSA-HFMF-Q43V-2FFJ
Vulnerability from github – Published: 2019-08-23 21:42 – Updated: 2021-08-17 22:08Versions of openpgp prior to 4.2.0 are vulnerable to Improper Key Verification. The OpenPGP standard allows signature packets to have subpackets which may be hashed or unhashed. Unhashed subpackets are not cryptographically protected and cannot be trusted. The openpgp package does not verify whether a subpacket is hashed. Furthermore, due to the order of parsing a signature packet information from unhashed subpackets overwrites information from hashed subpackets. This may allow an attacker to modify the contents of a key certification signature or revocation signature. Doing so could convince a victim to use an obsolete key for encryption. An attack require a victim to import a manipulated key or update an existing key with a manipulated version.
Recommendation
Upgrade to version 4.2.0 or later.
If you are upgrading from a version <4.0.0 it is highly recommended to read the High-Level API Changes section of the openpgp 4.0.0 release: https://github.com/openpgpjs/openpgpjs/releases/tag/v4.0.0
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.2"
},
"package": {
"ecosystem": "npm",
"name": "openpgp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-9154"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2019-08-23T21:41:08Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Versions of `openpgp` prior to 4.2.0 are vulnerable to Improper Key Verification. The OpenPGP standard allows signature packets to have subpackets which may be hashed or unhashed. Unhashed subpackets are not cryptographically protected and cannot be trusted. The `openpgp` package does not verify whether a subpacket is hashed. Furthermore, due to the order of parsing a signature packet information from unhashed subpackets overwrites information from hashed subpackets. This may allow an attacker to modify the contents of a key certification signature or revocation signature. Doing so could convince a victim to use an obsolete key for encryption. An attack require a victim to import a manipulated key or update an existing key with a manipulated version.\n\n\n## Recommendation\n\nUpgrade to version 4.2.0 or later. \nIf you are upgrading from a version \u003c4.0.0 it is highly recommended to read the `High-Level API Changes` section of the `openpgp` 4.0.0 release: https://github.com/openpgpjs/openpgpjs/releases/tag/v4.0.0",
"id": "GHSA-hfmf-q43v-2ffj",
"modified": "2021-08-17T22:08:26Z",
"published": "2019-08-23T21:42:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9154"
},
{
"type": "WEB",
"url": "https://github.com/openpgpjs/openpgpjs/pull/797"
},
{
"type": "WEB",
"url": "https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1"
},
{
"type": "WEB",
"url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v4.2.0"
},
{
"type": "WEB",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-openpgp-js"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-OPENPGP-460247"
},
{
"type": "WEB",
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html#download=1"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1161"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/154191/OpenPGP.js-4.2.0-Signature-Bypass-Invalid-Curve-Attack.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Key Verification in openpgp"
}
GHSA-HFPC-8R3F-GW53
Vulnerability from github – Published: 2026-03-03 20:25 – Updated: 2026-03-25 18:31Summary
AWS-LC is an open-source, general-purpose cryptographic library.
Impact
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.
Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.
Impacted versions:
aws-lc-sys versions: >= 0.24.0, < 0.38.0
Patches
The patch is included in v0.38.0
Workarounds
There is no workaround. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.
Resources
If there are any questions or comments about this advisory, contact [AWS/Amazon] Security via the vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "aws-lc-sys"
},
"ranges": [
{
"events": [
{
"introduced": "0.24.0"
},
{
"fixed": "0.38.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T20:25:39Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nAWS-LC is an open-source, general-purpose cryptographic library.\n\n### Impact\nImproper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.\n\nCustomers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.\n\n#### Impacted versions: \naws-lc-sys versions: \u003e= 0.24.0, \u003c 0.38.0\n\n### Patches\nThe patch is included in v0.38.0\n\n### Workarounds\nThere is no workaround. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.\n\n### Resources\nIf there are any questions or comments about this advisory, contact [AWS/Amazon] Security via the [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.",
"id": "GHSA-hfpc-8r3f-gw53",
"modified": "2026-03-25T18:31:14Z",
"published": "2026-03-03T20:25:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/aws-lc-rs/security/advisories/GHSA-hfpc-8r3f-gw53"
},
{
"type": "WEB",
"url": "https://github.com/aws/aws-lc/security/advisories/GHSA-jchq-39cv-q4wj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3338"
},
{
"type": "WEB",
"url": "https://aws.amazon.com/security/security-bulletins/2026-005-AWS"
},
{
"type": "PACKAGE",
"url": "https://github.com/aws/aws-lc-rs"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0047.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "AWS-LC has PKCS7_verify Signature Validation Bypass"
}
GHSA-HJGW-9XVW-334R
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:13Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope.
{
"affected": [],
"aliases": [
"CVE-2019-9149"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vulnerability allows an attacker to decrypt an arbitrary message when the GnuPG backend is used in Mailvelope.",
"id": "GHSA-hjgw-9xvw-334r",
"modified": "2024-04-04T01:13:33Z",
"published": "2022-05-24T16:49:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9149"
},
{
"type": "WEB",
"url": "https://github.com/mailvelope/mailvelope/blob/master/Changelog.md#v330"
},
{
"type": "WEB",
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.html"
},
{
"type": "WEB",
"url": "https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/Mailvelope_Extensions/Mailvelope_Extensions_pdf.pdf?__blob=publicationFile\u0026v=3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HJJC-9HHM-H336
Vulnerability from github – Published: 2026-06-09 21:32 – Updated: 2026-06-10 15:31A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
{
"affected": [],
"aliases": [
"CVE-2026-36721"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T19:17:42Z",
"severity": "CRITICAL"
},
"details": "A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.",
"id": "GHSA-hjjc-9hhm-h336",
"modified": "2026-06-10T15:31:30Z",
"published": "2026-06-09T21:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36721"
},
{
"type": "WEB",
"url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/bookcars/vulnerability-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HM55-77PQ-87F5
Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30Windows Enroll Engine Security Feature Bypass Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38069"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-09T17:15:39Z",
"severity": "HIGH"
},
"details": "Windows Enroll Engine Security Feature Bypass Vulnerability",
"id": "GHSA-hm55-77pq-87f5",
"modified": "2024-07-09T18:30:52Z",
"published": "2024-07-09T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38069"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38069"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HMGR-779R-QFWW
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.
{
"affected": [],
"aliases": [
"CVE-2018-15374"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-05T14:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.",
"id": "GHSA-hmgr-779r-qfww",
"modified": "2022-05-13T01:34:22Z",
"published": "2022-05-13T01:34:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15374"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsig"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105415"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HMX6-CPRG-H49V
Vulnerability from github – Published: 2026-07-02 21:32 – Updated: 2026-07-02 21:32CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.
{
"affected": [],
"aliases": [
"CVE-2026-13743"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-02T19:16:59Z",
"severity": "LOW"
},
"details": "CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication.",
"id": "GHSA-hmx6-cprg-h49v",
"modified": "2026-07-02T21:32:11Z",
"published": "2026-07-02T21:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13743"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HPM7-4H9P-PHG8
Vulnerability from github – Published: 2025-03-12 00:31 – Updated: 2025-03-12 00:31Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615.
{
"affected": [],
"aliases": [
"CVE-2025-2233"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T23:15:38Z",
"severity": "HIGH"
},
"details": "Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615.",
"id": "GHSA-hpm7-4h9p-phg8",
"modified": "2025-03-12T00:31:50Z",
"published": "2025-03-12T00:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2233"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-127"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HPW7-8QPC-34P3
Vulnerability from github – Published: 2025-03-07 16:21 – Updated: 2025-03-12 14:40Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability
Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in WinDbg. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Improper verification of cryptographic signature in SOS allows an authorized attacker to execute code over a network resulting in Remote Code Execution.
Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/346
Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
Affected Packages
The vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below
WinDbg WinDbg
| Package name | Affected version | Patched version |
|---|---|---|
| dotnet-sos | < 9.0.607501 | 9.0.607501 |
| dotnet-dump | < 9.0.557512 | 9.0.607501 |
| dotnet-debugger-extensions | 9.0.557512 | 9.0.607601 |
Advisory FAQ
How do I know if I am affected?
If you you are using the affected version listed in affected packages, you're exposed to the vulnerability.
How do I fix the issue?
- To fix the issue please install the latest version of WinDbg.
- If your application references the vulnerable package, update the package reference to the patched version.
Other Information
Reporting Security Issues
If you have found a potential security issue, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.
Support
You can ask questions about this issue on GitHub in the .NET GitHub organization.
Disclaimer
The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
External Links
Revisions
V1.0 (March 06, 2024): Advisory published.
Version 1.0
Last Updated 2025-03-06
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "dotnet-sos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.607501"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "dotnet-dump"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.607501"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "dotnet-debugger-extensions"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.607601"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-24043"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-07T16:21:34Z",
"nvd_published_at": "2025-03-11T17:16:25Z",
"severity": "HIGH"
},
"details": "# Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability\n\n## \u003ca name=\"executive-summary\"\u003e\u003c/a\u003eExecutive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in [WinDbg](https://aka.ms/windbg/download). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nImproper verification of cryptographic signature in SOS allows an authorized attacker to execute code over a network resulting in Remote Code Execution.\n\n## Announcement\n\nAnnouncement for this issue can be found at https://github.com/dotnet/announcements/issues/346\n\n## \u003ca name=\"mitigation-factors\"\u003e\u003c/a\u003eMitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## \u003ca name=\"affected-packages\"\u003e\u003c/a\u003eAffected Packages\nThe vulnerability affects any Microsoft .NET Core project if it uses any of affected packages versions listed below\n\n### \u003ca name=\"\"\u003eWinDbg\u003c/a\u003e WinDbg\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[dotnet-sos](https://www.nuget.org/packages/dotnet-sos) | \u003c 9.0.607501 | 9.0.607501\n[dotnet-dump](https://www.nuget.org/packages/dotnet-dump) | \u003c 9.0.557512 | 9.0.607501\n[dotnet-debugger-extensions](https://www.nuget.org/packages/dotnet-debugger-extensions) | 9.0.557512 | 9.0.607601\n\n## Advisory FAQ\n\n### \u003ca name=\"how-affected\"\u003e\u003c/a\u003eHow do I know if I am affected?\n\nIf you you are using the affected version listed in [affected packages](#affected-software), you\u0027re exposed to the vulnerability.\n\n### \u003ca name=\"how-fix\"\u003e\u003c/a\u003eHow do I fix the issue?\n\n1. To fix the issue please install the latest version of [WinDbg](https://aka.ms/windbg/download).\n2. If your application references the vulnerable package, update the package reference to the patched version.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core \u0026 .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at \u003chttps://aka.ms/corebounty\u003e.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. \n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2025-24043]( https://www.cve.org/CVERecord?id=CVE-2025-24043)\n\n### Revisions\n\nV1.0 (March 06, 2024): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2025-03-06_",
"id": "GHSA-hpw7-8qpc-34p3",
"modified": "2025-03-12T14:40:53Z",
"published": "2025-03-07T16:21:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/diagnostics/security/advisories/GHSA-hpw7-8qpc-34p3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24043"
},
{
"type": "PACKAGE",
"url": "https://github.com/dotnet/diagnostics"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/diagnostics/releases/tag/v9.0.607501"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.