CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1123 vulnerabilities reference this CWE, most recent first.
GHSA-XJMF-XR2J-GFX7
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.
{
"affected": [],
"aliases": [
"CVE-2018-3968"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-21T17:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot\u0027s verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.",
"id": "GHSA-xjmf-xr2j-gfx7",
"modified": "2022-05-13T01:01:50Z",
"published": "2022-05-13T01:01:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3968"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJR9-GG9Q-JX3V
Vulnerability from github – Published: 2026-06-19 20:47 – Updated: 2026-06-19 20:47Impact
Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0.
Preconditions
Relying-party service is hosted with WSFederationHttpBinding or WS2007FederationHttpBinding (or any binding that triggers FederatedSecurityTokenManager for issued-token validation), and IdentityConfiguration is wired (UseIdentityConfiguration = true). Attacker can reach the service over the network and knows the trusted STS’s public certificate (public certs are by design discoverable).
Patches
Fixed in CoreWCF v1.8.1 and v1.9.1
Workarounds
None
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "CoreWCF.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "CoreWCF.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54782"
],
"database_specific": {
"cwe_ids": [
"CWE-290",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T20:47:11Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Impact\nFull impersonation of any principal the trusted STS could have issued an assertion for \u2014 including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0.\n\n#### Preconditions\nRelying-party service is hosted with WSFederationHttpBinding or WS2007FederationHttpBinding (or any binding that triggers FederatedSecurityTokenManager for issued-token validation), and IdentityConfiguration is wired (UseIdentityConfiguration = true).\nAttacker can reach the service over the network and knows the trusted STS\u2019s public certificate (public certs are by design discoverable).\n\n### Patches\nFixed in CoreWCF v1.8.1 and v1.9.1\n\n### Workarounds\nNone",
"id": "GHSA-xjr9-gg9q-jx3v",
"modified": "2026-06-19T20:47:11Z",
"published": "2026-06-19T20:47:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-xjr9-gg9q-jx3v"
},
{
"type": "PACKAGE",
"url": "https://github.com/CoreWCF/CoreWCF"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation"
}
GHSA-XMVF-WM3Q-GH2F
Vulnerability from github – Published: 2024-06-17 09:31 – Updated: 2024-07-03 18:45Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures.
{
"affected": [],
"aliases": [
"CVE-2024-36277"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-17T08:15:48Z",
"severity": "CRITICAL"
},
"details": "Improper verification of cryptographic signature issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures.",
"id": "GHSA-xmvf-wm3q-gh2f",
"modified": "2024-07-03T18:45:35Z",
"published": "2024-06-17T09:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36277"
},
{
"type": "WEB",
"url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930"
},
{
"type": "WEB",
"url": "https://freefrom.space"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN55045256"
},
{
"type": "WEB",
"url": "https://play.google.com/store/apps/details?id=com.freefrom"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XPXF-P5MX-CQ4F
Vulnerability from github – Published: 2022-04-22 00:24 – Updated: 2024-04-03 23:05It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
{
"affected": [],
"aliases": [
"CVE-2011-3374"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-26T00:15:00Z",
"severity": "MODERATE"
},
"details": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.",
"id": "GHSA-xpxf-p5mx-cq4f",
"modified": "2024-04-03T23:05:29Z",
"published": "2022-04-22T00:24:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3374"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2011-3374"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"
},
{
"type": "WEB",
"url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"
},
{
"type": "WEB",
"url": "https://seclists.org/fulldisclosure/2011/Sep/221"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"
},
{
"type": "WEB",
"url": "https://ubuntu.com/security/CVE-2011-3374"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XQ4H-WQM2-668W
Vulnerability from github – Published: 2025-11-24 23:34 – Updated: 2025-11-27 08:42Summary
The BIP-322 signature verification does not enforce the SIGHASH value to be SIGHASH_ALL, and therefore is not strictly following the spec.
Impact
Non-compliant BIP-322 signatures in proof of possessions can be accepted by the chain.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/babylonlabs-io/babylon/v4"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-24T23:34:18Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nThe BIP-322 signature verification does not enforce the SIGHASH value to be SIGHASH_ALL, and therefore is not strictly following the [spec](https://bips.dev/322/).\n\n### Impact\n\nNon-compliant BIP-322 signatures in proof of possessions can be accepted by the chain.",
"id": "GHSA-xq4h-wqm2-668w",
"modified": "2025-11-27T08:42:15Z",
"published": "2025-11-24T23:34:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/babylonlabs-io/babylon/security/advisories/GHSA-xq4h-wqm2-668w"
},
{
"type": "WEB",
"url": "https://github.com/babylonlabs-io/babylon/commit/6e8bdd328a47343fcd7ad98d1b0c7267860b019a"
},
{
"type": "WEB",
"url": "https://bips.dev/322"
},
{
"type": "PACKAGE",
"url": "https://github.com/babylonlabs-io/babylon"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Babylon\u0027s BIP322 signature implementation is not fully compliant to the spec"
}
GHSA-XQ6H-HM2M-HW55
Vulnerability from github – Published: 2025-03-05 18:32 – Updated: 2025-03-05 18:32A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client.
This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.
{
"affected": [],
"aliases": [
"CVE-2025-20206"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-05T17:15:14Z",
"severity": "HIGH"
},
"details": "A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cisco Secure Client.\n\nThis vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to a specific Cisco Secure Client process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid user credentials on the Windows system.",
"id": "GHSA-xq6h-hm2m-hw55",
"modified": "2025-03-05T18:32:09Z",
"published": "2025-03-05T18:32:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20206"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-dll-injection-AOyzEqSg"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XQGQ-4WPF-XFR8
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-04-04 07:06Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.
{
"affected": [],
"aliases": [
"CVE-2021-43171"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:21Z",
"severity": "MODERATE"
},
"details": "Improper verification of applications\u0027 cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user\u0027s systems by altering the server\u0027s API response.",
"id": "GHSA-xqgq-4wpf-xfr8",
"modified": "2024-04-04T07:06:47Z",
"published": "2023-08-22T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43171"
},
{
"type": "WEB",
"url": "https://gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedded-other-improvements"
},
{
"type": "WEB",
"url": "https://nervuri.net/e/apps"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XQQC-C5GW-C5R5
Vulnerability from github – Published: 2022-12-14 21:35 – Updated: 2022-12-14 21:35Impact
Anyone using the tendermint-light-client and related packages to perform light client verification (e.g. IBC-rs, Hermes).
At present, the light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client.
The attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks.
Patches
Users of the light client-related crates can currently upgrade to v0.28.0.
Workarounds
None
References
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.27.0"
},
"package": {
"ecosystem": "crates.io",
"name": "tendermint-light-client-verifier"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.27.0"
},
"package": {
"ecosystem": "crates.io",
"name": "tendermint-light-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.27.0"
},
"package": {
"ecosystem": "crates.io",
"name": "tendermint-light-client-js"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-23507"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-14T21:35:24Z",
"nvd_published_at": "2022-12-15T19:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nAnyone using the `tendermint-light-client` and related packages to perform light client verification (e.g. IBC-rs, Hermes).\n\nAt present, the light client does not check that the chain IDs of the trusted and untrusted headers match, resulting in a possible attack vector where someone who finds a header from an untrusted chain that satisfies all other verification conditions (e.g. enough overlapping validator signatures) could fool a light client.\n\nThe attack vector is currently theoretical, and no proof-of-concept exists yet to exploit it on live networks.\n\n### Patches\n\nUsers of the light client-related crates can currently upgrade to `v0.28.0`.\n\n### Workarounds\n\nNone\n\n### References\n\n- [Light Client specification](https://github.com/tendermint/tendermint/tree/main/spec/light-client)",
"id": "GHSA-xqqc-c5gw-c5r5",
"modified": "2022-12-14T21:35:24Z",
"published": "2022-12-14T21:35:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/informalsystems/tendermint-rs/security/advisories/GHSA-xqqc-c5gw-c5r5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23507"
},
{
"type": "WEB",
"url": "https://github.com/informalsystems/tendermint-rs/commit/5c32f31b97ac3172775699fe0d4ba6003ca4fb18"
},
{
"type": "PACKAGE",
"url": "https://github.com/informalsystems/tendermint-rs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Tendermint light client verification not taking into account chain ID"
}
GHSA-XRR5-3HRR-35JX
Vulnerability from github – Published: 2023-01-20 21:30 – Updated: 2023-02-03 15:31CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.
{
"affected": [],
"aliases": [
"CVE-2023-24025"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-20T21:15:00Z",
"severity": "HIGH"
},
"details": "CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.",
"id": "GHSA-xrr5-3hrr-35jx",
"modified": "2023-02-03T15:31:16Z",
"published": "2023-01-20T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24025"
},
{
"type": "WEB",
"url": "https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022"
},
{
"type": "WEB",
"url": "https://eprint.iacr.org/2023/050"
},
{
"type": "WEB",
"url": "https://github.com/PQClean/PQClean/tree/d03da3053491e767ef842deaef43fc5bdb6bc911"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XVRC-2WVH-49VC
Vulnerability from github – Published: 2023-11-14 20:31 – Updated: 2023-11-14 20:31Impact
In certain versions of gitsign, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures.
There is no known compromise the default public good instance (rekor.sigstore.dev) - anyone using this instance is unlikely to be affected.
Patches
This was fixed in v0.8.0 via https://github.com/sigstore/gitsign/pull/399
Workarounds
n/a
References
Are there any links users can visit to find out more?
https://docs.sigstore.dev/about/threat-model/#sigstore-threat-model
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/sigstore/gitsign"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.0"
},
{
"fixed": "0.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-47122"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-14T20:31:23Z",
"nvd_published_at": "2023-11-10T22:15:14Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nIn certain versions of gitsign, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures.\n\nThere is no known compromise the default public good instance (`rekor.sigstore.dev`) - anyone using this instance is unlikely to be affected.\n\n### Patches\n\nThis was fixed in v0.8.0 via https://github.com/sigstore/gitsign/pull/399\n\n### Workarounds\n\nn/a\n\n### References\n_Are there any links users can visit to find out more?_\n\nhttps://docs.sigstore.dev/about/threat-model/#sigstore-threat-model",
"id": "GHSA-xvrc-2wvh-49vc",
"modified": "2023-11-14T20:31:23Z",
"published": "2023-11-14T20:31:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/gitsign/security/advisories/GHSA-xvrc-2wvh-49vc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47122"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/gitsign/pull/399"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/gitsign/commit/cd66ccb03c86a3600955f0c15f6bfeb75f697236"
},
{
"type": "WEB",
"url": "https://docs.sigstore.dev/about/threat-model/#sigstore-threat-model"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/gitsign"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Gitsign\u0027s Rekor public keys fetched from upstream API instead of local TUF client."
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.