Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1128 vulnerabilities reference this CWE, most recent first.

GHSA-3FM4-36VF-4HFW

Vulnerability from github – Published: 2023-08-29 09:30 – Updated: 2024-04-04 07:15
VLAI
Details

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-29T09:15:09Z",
    "severity": "HIGH"
  },
  "details": "Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.",
  "id": "GHSA-3fm4-36vf-4hfw",
  "modified": "2024-04-04T07:15:14Z",
  "published": "2023-08-29T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23772"
    },
    {
      "type": "WEB",
      "url": "https://tetraburst.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FR9-8M46-R2MM

Vulnerability from github – Published: 2024-01-09 12:30 – Updated: 2025-10-08 09:31
VLAI
Details

An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327",
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T10:15:22Z",
    "severity": "CRITICAL"
  },
  "details": "An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables.\u00a0This issue affects JetNet devices older than firmware version 2024/01.",
  "id": "GHSA-3fr9-8m46-r2mm",
  "modified": "2025-10-08T09:31:13Z",
  "published": "2024-01-09T12:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5347"
    },
    {
      "type": "WEB",
      "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-korenix-jetnet-series"
    },
    {
      "type": "WEB",
      "url": "https://www.beijerelectronics.com/en/support/Help___online?docId=69947"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176550/Korenix-JetNet-Series-Unauthenticated-Access.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Jan/11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FVG-4V2M-98JF

Vulnerability from github – Published: 2022-06-25 07:19 – Updated: 2022-07-05 21:25
VLAI
Summary
JWS and JWT signature validation vulnerability with special characters
Details

Impact

Jsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake.

For example, even if a string of non Base64URL encoding characters such as !@$% or \11 is inserted into a valid JWS or JWT signature value string, it will still be a valid JWS or JWT signature by mistake.

When jsrsasign's JWS or JWT validation is used in OpenID connect or OAuth2, this vulnerability will affect to authentication or authorization.

By our internal assessment, CVSS 3.1 score will be 8.6. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Patches

Users validate JWS or JWT signatures should upgrade to 10.5.25.

Workarounds

Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method.

ACKNOWLEDGEMENT

Thanks to Adi Malyanker and Or David for this vulnerability report. Also thanks for Snyk security team for this coordination.

References

https://github.com/kjur/jsrsasign/releases/tag/10.5.25 https://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf kjur's advisories https://github.com/advisories/GHSA-3fvg-4v2m-98jf github advisories https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898 https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT https://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verify https://kjur.github.io/jsrsasign/api/symbols/global__.html#.isBase64URLDot https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWS-verification https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-verification https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jsrsasign"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.8.0"
            },
            {
              "fixed": "10.5.25"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-25898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-25T07:19:06Z",
    "nvd_published_at": "2022-07-01T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nJsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake.\n\nFor example, even if a string of non Base64URL encoding characters such as `!@$%` or `\\11` is inserted into a valid JWS or JWT signature value string, it will still be a valid JWS or JWT signature by mistake.\n\nWhen jsrsasign\u0027s JWS or JWT validation is used in OpenID connect or OAuth2, this vulnerability will affect to authentication or authorization.\n\nBy our internal assessment, CVSS 3.1 score will be 8.6.\nCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\n\n### Patches\nUsers validate JWS or JWT signatures should upgrade to 10.5.25.\n\n### Workarounds\nValidate JWS or JWT signature if it has Base64URL and dot safe string before\nexecuting JWS.verify() or JWS.verifyJWT() method.\n\n### ACKNOWLEDGEMENT\n\nThanks to Adi Malyanker and Or David for this vulnerability report. Also thanks for [Snyk security team](https://snyk.io/) for this coordination.\n\n### References\nhttps://github.com/kjur/jsrsasign/releases/tag/10.5.25\nhttps://github.com/kjur/jsrsasign/security/advisories/GHSA-3fvg-4v2m-98jf kjur\u0027s advisories\nhttps://github.com/advisories/GHSA-3fvg-4v2m-98jf github advisories\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898\nhttps://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verifyJWT\nhttps://kjur.github.io/jsrsasign/api/symbols/KJUR.jws.JWS.html#.verify\nhttps://kjur.github.io/jsrsasign/api/symbols/global__.html#.isBase64URLDot\nhttps://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWS-verification\nhttps://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-verification\nhttps://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122\n",
  "id": "GHSA-3fvg-4v2m-98jf",
  "modified": "2022-07-05T21:25:54Z",
  "published": "2022-06-25T07:19:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25898"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41"
    },
    {
      "type": "WEB",
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25898"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kjur/jsrsasign"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/releases/tag/10.5.25"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "JWS and JWT signature validation vulnerability with special characters"
}

GHSA-3GCG-C4CR-6G36

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-11-15 21:35
VLAI
Details

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31841"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-22T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.",
  "id": "GHSA-3gcg-c4cr-6g36",
  "modified": "2023-11-15T21:35:02Z",
  "published": "2022-05-24T19:15:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31841"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10369"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GGR-5P57-2XGH

Vulnerability from github – Published: 2024-10-15 09:30 – Updated: 2025-11-04 00:31
VLAI
Details

The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the firmware and is freely available for download. This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-15T09:15:03Z",
    "severity": "CRITICAL"
  },
  "details": "The firmware upgrade function in the admin web interface of the Rittal\u00a0IoT Interface \u0026 CMC III Processing Unit devices checks if \nthe patch files are signed before executing the containing run.sh \nscript. The signing process is kind of an HMAC with a long string as key\n which is hard-coded in the firmware and is freely available for \ndownload. This allows crafting malicious \"signed\" .patch files in order \nto compromise the device and execute arbitrary code.",
  "id": "GHSA-3ggr-5p57-2xgh",
  "modified": "2025-11-04T00:31:34Z",
  "published": "2024-10-15T09:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47943"
    },
    {
      "type": "WEB",
      "url": "https://r.sec-consult.com/rittaliot"
    },
    {
      "type": "WEB",
      "url": "https://www.rittal.com/de-de/products/deep/3124300"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JM5-8QWR-JVWM

Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2026-03-05 21:30
VLAI
Details

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-325",
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-07T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
  "id": "GHSA-3jm5-8qwr-jvwm",
  "modified": "2026-03-05T21:30:23Z",
  "published": "2022-05-13T01:52:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5383"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2169"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4094-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4095-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4095-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4118-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4351-1"
    },
    {
      "type": "WEB",
      "url": "https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/304725"
    },
    {
      "type": "WEB",
      "url": "http://www.cs.technion.ac.il/~biham/BT"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104879"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041432"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JWQ-498G-6473

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2023-03-24 18:30
VLAI
Details

A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1810"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-15T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not properly verified during CLI command execution. An attacker could exploit this vulnerability to install an unsigned software image on an affected device. Note: If the device has not been patched for the vulnerability previously disclosed in the Cisco Security Advisory cisco-sa-20190306-nxos-sig-verif, a successful exploit could allow the attacker to boot a malicious software image.",
  "id": "GHSA-3jwq-498g-6473",
  "modified": "2023-03-24T18:30:22Z",
  "published": "2022-05-24T16:45:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1810"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-sisv"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108431"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3MF3-33V4-JCJ2

Vulnerability from github – Published: 2022-04-30 18:21 – Updated: 2024-02-08 21:30
VLAI
Details

ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2002-1796"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-12-31T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.",
  "id": "GHSA-3mf3-33v4-jcj2",
  "modified": "2024-02-08T21:30:29Z",
  "published": "2022-04-30T18:21:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-1796"
    },
    {
      "type": "WEB",
      "url": "http://online.securityfocus.com/advisories/4317"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/9695.php"
    },
    {
      "type": "WEB",
      "url": "http://www.phenoelit.de/stuff/HP_Chai.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/284648"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/5334"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3QPC-4533-P5RR

Vulnerability from github – Published: 2022-05-14 01:41 – Updated: 2022-05-14 01:41
VLAI
Details

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-26T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.",
  "id": "GHSA-3qpc-4533-p5rr",
  "modified": "2022-05-14T01:41:56Z",
  "published": "2022-05-14T01:41:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15836"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xelerance/Openswan/commit/9eaa6c2a823c1d2b58913506a15f9474bf857a3d"
    },
    {
      "type": "WEB",
      "url": "https://lists.openswan.org/pipermail/users/2018-August/023761.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3R3G-G73X-G593

Vulnerability from github – Published: 2021-10-12 16:06 – Updated: 2025-12-22 16:27
VLAI
Summary
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
Details

Impact

coreos-installer fails to correctly verify GPG signatures when decompressing gzip-compressed artifacts. This allows bypass of signature verification in cases where coreos-installer decompresses a downloaded OS image, allowing an attacker who can modify the OS image to compromise a newly-installed system.

Default installations from ISO or PXE media in Fedora CoreOS, RHEL CoreOS, and RHEL for Edge are not affected, as coreos-installer installs from an OS image shipped as part of the install media.

These flows are affected:

  1. Installing with --image-file, --image-url, or coreos.inst.image_url. For example, if a user has a local mirror of installation images, an attacker could replace an image with a gzip-compressed alternative (even if the file extension is .xz). The result:

    ``` $ coreos-installer install --image-url http://localhost:8080/image.xz /dev/loop0 Downloading image from http://localhost:8080/image.xz Downloading signature from http://localhost:8080/image.xz.sig

    Read disk 749.9 MiB/749.9 MiB (100%) gpg: Signature made Mon 20 Sep 2021 02:41:50 PM EDT gpg: using RSA key 8C5BA6990BDB26E19F2A1A801161AE6945719A39 gpg: BAD signature from "Fedora (34) fedora-34-primary@fedoraproject.org" [ultimate] Install complete. ```

    Notice that GPG reports a bad signature, but coreos-installer continues anyway. Automation that relies on coreos-installer's exit status will not notice either.

  2. coreos-installer download --decompress --image-url:

    ``` $ coreos-installer download --decompress --image-url http://localhost:8080/image.xz

    Read disk 749.9 MiB/749.9 MiB (100%) gpg: Signature made Mon 20 Sep 2021 02:41:50 PM EDT gpg: using RSA key 8C5BA6990BDB26E19F2A1A801161AE6945719A39 gpg: BAD signature from "Fedora (34) fedora-34-primary@fedoraproject.org" [ultimate] ./image ```

    Again, coreos-installer reports success.

  3. Installing with default parameters, when not installing from the image built into live ISO or PXE media, if the hosting service is compromised or if an active attacker gains control of the HTTPS response.

  4. coreos-installer download --decompress if the hosting service is compromised or if an active attacker gains control of the HTTPS response.

Patches

The vulnerability is fixed in coreos-installer 0.10.1.

Workarounds

For coreos-installer download, do not use the -d or --decompress options.

For coreos-installer install, manually inspect the stderr output. If BAD signature appears, do not boot from the target disk. Note, however, that some OS services may have already accessed data on the compromised disk.

References

For more information, see PR 655.

For more information

If you have any questions or comments about this advisory, open an issue in coreos-installer or email the CoreOS development mailing list.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "coreos-installer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-20319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-11T21:17:04Z",
    "nvd_published_at": "2022-03-04T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\ncoreos-installer fails to correctly verify GPG signatures when decompressing gzip-compressed artifacts.  This allows bypass of signature verification in cases where coreos-installer decompresses a downloaded OS image, allowing an attacker who can modify the OS image to compromise a newly-installed system.\n\nDefault installations from ISO or PXE media in Fedora CoreOS, RHEL CoreOS, and RHEL for Edge are **not** affected, as coreos-installer installs from an OS image shipped as part of the install media.\n\nThese flows are affected:\n\n1.  Installing with `--image-file`, `--image-url`, or `coreos.inst.image_url`.  For example, if a user has a local mirror of installation images, an attacker could replace an image with a gzip-compressed alternative (even if the file extension is `.xz`).  The result:\n\n    ```\n    $ coreos-installer install --image-url http://localhost:8080/image.xz /dev/loop0\n    Downloading image from http://localhost:8080/image.xz\n    Downloading signature from http://localhost:8080/image.xz.sig\n    \u003e Read disk 749.9 MiB/749.9 MiB (100%)\n    gpg: Signature made Mon 20 Sep 2021 02:41:50 PM EDT\n    gpg: using RSA key 8C5BA6990BDB26E19F2A1A801161AE6945719A39\n    gpg: BAD signature from \"Fedora (34) \u003cfedora-34-primary@fedoraproject.org\u003e\" [ultimate]\n    Install complete.\n    ```\n\n    Notice that GPG reports a bad signature, but coreos-installer continues anyway.  Automation that relies on coreos-installer\u0027s exit status will not notice either.\n\n2. `coreos-installer download --decompress --image-url`:\n\n    ```\n    $ coreos-installer download --decompress --image-url http://localhost:8080/image.xz\n    \u003e Read disk 749.9 MiB/749.9 MiB (100%)\n    gpg: Signature made Mon 20 Sep 2021 02:41:50 PM EDT\n    gpg: using RSA key 8C5BA6990BDB26E19F2A1A801161AE6945719A39\n    gpg: BAD signature from \"Fedora (34) \u003cfedora-34-primary@fedoraproject.org\u003e\" [ultimate]\n    ./image\n    ```\n\n    Again, coreos-installer reports success.\n\n3. Installing with default parameters, when **not** installing from the image built into live ISO or PXE media, if the hosting service is compromised or if an active attacker gains control of the HTTPS response.\n\n4. `coreos-installer download --decompress` if the hosting service is compromised or if an active attacker gains control of the HTTPS response.\n\n### Patches\n\nThe vulnerability is [fixed](https://github.com/coreos/coreos-installer/pull/659) in coreos-installer 0.10.1.\n\n### Workarounds\n\nFor `coreos-installer download`, do not use the `-d` or `--decompress` options.\n\nFor `coreos-installer install`, manually inspect the stderr output.  If `BAD signature` appears, do not boot from the target disk.  Note, however, that some OS services may have already accessed data on the compromised disk.\n\n### References\n\nFor more information, see [PR 655](https://github.com/coreos/coreos-installer/pull/655).\n\n### For more information\n\nIf you have any questions or comments about this advisory, [open an issue in coreos-installer](https://github.com/coreos/coreos-installer/issues/new/choose) or email the CoreOS [development mailing list](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/).",
  "id": "GHSA-3r3g-g73x-g593",
  "modified": "2025-12-22T16:27:06Z",
  "published": "2021-10-12T16:06:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/coreos/coreos-installer/security/advisories/GHSA-3r3g-g73x-g593"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20319"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coreos/coreos-installer/pull/655"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coreos/coreos-installer/pull/659/commits/ad243c6f0eff2835b2da56ca5f7f33af76253c89"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011862"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/coreos/coreos-installer"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0103.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "coreos-installer improperly verifies GPG signature when decompressing gzipped artifact"
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.