Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1128 vulnerabilities reference this CWE, most recent first.

GHSA-739F-HW6H-7WQ8

Vulnerability from github – Published: 2022-08-10 18:38 – Updated: 2022-08-10 18:38
VLAI
Summary
PolicyController before 0.2.1 may bypass attestation verification
Details

PolicyController will report a false positive, resulting in an admission when it should not be admitted when: * There is at least one attestation with a valid signature * There are NO attestations of the type being verified (--type defaults to "custom")

Users should upgrade to cosign version 0.2.1 or greater for a patch. There are no known workarounds at this time.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/sigstore/policy-controller"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35930"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-10T18:38:16Z",
    "nvd_published_at": "2022-08-04T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "PolicyController will report a false positive, resulting in an admission when it should not be admitted when:\n * There is at least one attestation with a valid signature\n * There are NO attestations of the type being verified (--type defaults to \"custom\")\n\nUsers should upgrade to cosign version 0.2.1 or greater for a patch. There are no known workarounds at this time.",
  "id": "GHSA-739f-hw6h-7wq8",
  "modified": "2022-08-10T18:38:16Z",
  "published": "2022-08-10T18:38:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/policy-controller/security/advisories/GHSA-739f-hw6h-7wq8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35930"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/policy-controller/commit/e852af36fb7d42678b21d7e97503c25bd1fd05c8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sigstore/policy-controller"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sigstore/policy-controller/releases/tag/v0.2.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PolicyController before 0.2.1 may bypass attestation verification"
}

GHSA-73V4-JJR8-V4CQ

Vulnerability from github – Published: 2022-09-03 00:00 – Updated: 2022-09-09 00:00
VLAI
Details

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-02T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
  "id": "GHSA-73v4-jjr8-v4cq",
  "modified": "2022-09-09T00:00:55Z",
  "published": "2022-09-03T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35113"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-747X-5M58-MQ97

Vulnerability from github – Published: 2024-02-13 06:30 – Updated: 2024-10-16 17:06
VLAI
Summary
svix vulnerable to Authentication Bypass
Details

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.

Note:

The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "svix"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.17.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21491"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-288",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-13T18:36:52Z",
    "nvd_published_at": "2024-02-13T05:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.\n\n**Note:**\n\nThe attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.",
  "id": "GHSA-747x-5m58-mq97",
  "modified": "2024-10-16T17:06:15Z",
  "published": "2024-02-13T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21491"
    },
    {
      "type": "WEB",
      "url": "https://github.com/svix/svix-webhooks/pull/1190"
    },
    {
      "type": "WEB",
      "url": "https://github.com/svix/svix-webhooks/commit/958821bd3b956d1436af65f70a0964d4ffb7daf6"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/svix/svix-webhooks"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0010.html"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-RUST-SVIX-6230729"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "svix vulnerable to Authentication Bypass"
}

GHSA-74WM-8C3J-GW64

Vulnerability from github – Published: 2023-08-29 09:30 – Updated: 2024-04-04 07:15
VLAI
Details

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23773"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-29T09:15:09Z",
    "severity": "HIGH"
  },
  "details": "Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.",
  "id": "GHSA-74wm-8c3j-gw64",
  "modified": "2024-04-04T07:15:15Z",
  "published": "2023-08-29T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23773"
    },
    {
      "type": "WEB",
      "url": "https://tetraburst.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-754F-8GM6-C4R2

Vulnerability from github – Published: 2025-03-12 20:54 – Updated: 2025-11-03 21:33
VLAI
Summary
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
Details

Summary

An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack.

Impact

This issue may lead to authentication bypass.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ruby-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.18.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ruby-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-25292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-436"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-12T20:54:42Z",
    "nvd_published_at": "2025-03-12T21:15:42Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\nAn authentication bypass vulnerability was found in ruby-saml due to a parser differential.\nReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack.\n\n### Impact\nThis issue may lead to authentication bypass.",
  "id": "GHSA-754f-8gm6-c4r2",
  "modified": "2025-11-03T21:33:11Z",
  "published": "2025-03-12T20:54:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25292"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
    },
    {
      "type": "WEB",
      "url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/SAML-Toolkits/ruby-saml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-25292.yml"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=43374519"
    },
    {
      "type": "WEB",
      "url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250314-0009"
    },
    {
      "type": "ADVISORY",
      "url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)"
}

GHSA-75FF-MXV3-9XHW

Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:22
VLAI
Details

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1010161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-25T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.",
  "id": "GHSA-75ff-mxv3-9xhw",
  "modified": "2024-04-04T01:22:03Z",
  "published": "2022-05-24T16:51:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010161"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75G4-7255-WXGC

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2025-10-22 00:31
VLAI
Details

A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-17T19:15:00Z",
    "severity": "LOW"
  },
  "details": "A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka \u0027Windows Spoofing Vulnerability\u0027.",
  "id": "GHSA-75g4-7255-wxgc",
  "modified": "2025-10-22T00:31:57Z",
  "published": "2022-05-24T17:25:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1464"
    },
    {
      "type": "WEB",
      "url": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html"
    },
    {
      "type": "WEB",
      "url": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1464"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75RW-34Q6-72CR

Vulnerability from github – Published: 2022-06-17 00:38 – Updated: 2023-03-07 00:39
VLAI
Summary
Signature forgery in Biscuit
Details

Impact

The paper Cryptanalysis of Aggregate Γ-Signature and Practical Countermeasures in Application to Bitcoin defines a way to forge valid Γ-signatures, an algorithm that is used in the Biscuit specification version 1. It would allow an attacker to create a token with any access level.

As Biscuit v1 was still an early version and not broadly deployed, we were able to contact all known users of Biscuit v1 and help them migrate to Biscuit v2. We are not aware of any active exploitation of this vulnerability.

Patches

The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification.

Workarounds

There is no known workaround, any use of Biscuit v1 should be migrated to v2.

References

Cryptanalysis of Aggregate Γ-Signature and Practical Countermeasures in Application to Bitcoin

For more information

If you have any questions or comments about this advisory: * Open an issue in biscuit-auth/biscuit * Ask questions on Matrix

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "biscuit-auth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/biscuit-auth/biscuit-go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.clever-cloud:biscuit-java"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-17T00:38:03Z",
    "nvd_published_at": "2022-06-13T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nThe paper [Cryptanalysis of Aggregate \u0393-Signature and Practical Countermeasures in Application to Bitcoin](https://eprint.iacr.org/2020/1484) defines a way to forge valid \u0393-signatures, an algorithm that is used in the Biscuit specification version 1.\nIt would allow an attacker to create a token with any access level.\n\nAs Biscuit v1 was still an early version and not broadly deployed, we were able to contact all known users of Biscuit v1 and help them migrate to Biscuit v2.\nWe are not aware of any active exploitation of this vulnerability.\n\n### Patches\n\nThe version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification.\n\n### Workarounds\n\nThere is no known workaround, any use of Biscuit v1 should be migrated to v2.\n\n### References\n[Cryptanalysis of Aggregate \u0393-Signature and Practical Countermeasures in Application to Bitcoin](https://eprint.iacr.org/2020/1484)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [biscuit-auth/biscuit](https://github.com/biscuit-auth/biscuit)\n* Ask questions on [Matrix](https://matrix.to/#/#biscuit-auth:matrix.org)\n",
  "id": "GHSA-75rw-34q6-72cr",
  "modified": "2023-03-07T00:39:38Z",
  "published": "2022-06-17T00:38:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/biscuit-auth/biscuit/security/advisories/GHSA-75rw-34q6-72cr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31053"
    },
    {
      "type": "WEB",
      "url": "https://eprint.iacr.org/2020/1484"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-75rw-34q6-72cr"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/biscuit-auth/biscuit"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0564"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Signature forgery in Biscuit"
}

GHSA-76XF-M95X-GXHF

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-3965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-02-09T04:10:00Z",
    "severity": "MODERATE"
  },
  "details": "Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.",
  "id": "GHSA-76xf-m95x-gxhf",
  "modified": "2022-05-13T01:27:14Z",
  "published": "2022-05-13T01:27:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3965"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14954"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=109664"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-777R-H845-392R

Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-12-31 03:30
VLAI
Details

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate validation can be disabled when a proxy is configured, allowing an attacker who can intercept network traffic to supply a malicious update manifest and corresponding package with a matching hash. This can cause the client to download and install a tampered update, resulting in arbitrary code execution with the privileges of the GoSign Desktop user on Windows and macOS, or with elevated privileges on some Linux deployments. A local attacker who can modify proxy settings may also abuse this behavior to escalate privileges by forcing installation of a crafted update.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-18T17:16:00Z",
    "severity": "HIGH"
  },
  "details": "GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate validation can be disabled when a proxy is configured, allowing an attacker who can intercept network traffic to supply a malicious update manifest and corresponding package with a matching hash. This can cause the client to download and install a tampered update, resulting in arbitrary code execution with the privileges of the GoSign Desktop user on Windows and macOS, or with elevated privileges on some Linux deployments. A local attacker who can modify proxy settings may also abuse this behavior to escalate privileges by forcing installation of a crafted update.",
  "id": "GHSA-777r-h845-392r",
  "modified": "2025-12-31T03:30:32Z",
  "published": "2025-11-18T18:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34324"
    },
    {
      "type": "WEB",
      "url": "https://infocert.digital/consumer/gosign-suite"
    },
    {
      "type": "WEB",
      "url": "https://www.ush.it/2025/11/14/multiple-vulnerabilities-gosign-desktop-remote-code-execution"
    },
    {
      "type": "WEB",
      "url": "https://www.ush.it/2025/11/14/vulnerabilita-multiple-gosign-desktop-esecuzione-remota-codice-arbitrario"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/gosign-desktop-insecure-update-mechanism-rce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.