CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1128 vulnerabilities reference this CWE, most recent first.
GHSA-739F-HW6H-7WQ8
Vulnerability from github – Published: 2022-08-10 18:38 – Updated: 2022-08-10 18:38PolicyController will report a false positive, resulting in an admission when it should not be admitted when: * There is at least one attestation with a valid signature * There are NO attestations of the type being verified (--type defaults to "custom")
Users should upgrade to cosign version 0.2.1 or greater for a patch. There are no known workarounds at this time.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/sigstore/policy-controller"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35930"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-10T18:38:16Z",
"nvd_published_at": "2022-08-04T22:15:00Z",
"severity": "HIGH"
},
"details": "PolicyController will report a false positive, resulting in an admission when it should not be admitted when:\n * There is at least one attestation with a valid signature\n * There are NO attestations of the type being verified (--type defaults to \"custom\")\n\nUsers should upgrade to cosign version 0.2.1 or greater for a patch. There are no known workarounds at this time.",
"id": "GHSA-739f-hw6h-7wq8",
"modified": "2022-08-10T18:38:16Z",
"published": "2022-08-10T18:38:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sigstore/policy-controller/security/advisories/GHSA-739f-hw6h-7wq8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35930"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/policy-controller/commit/e852af36fb7d42678b21d7e97503c25bd1fd05c8"
},
{
"type": "PACKAGE",
"url": "https://github.com/sigstore/policy-controller"
},
{
"type": "WEB",
"url": "https://github.com/sigstore/policy-controller/releases/tag/v0.2.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "PolicyController before 0.2.1 may bypass attestation verification"
}
GHSA-73V4-JJR8-V4CQ
Vulnerability from github – Published: 2022-09-03 00:00 – Updated: 2022-09-09 00:00Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-35113"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-02T12:15:00Z",
"severity": "MODERATE"
},
"details": "Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
"id": "GHSA-73v4-jjr8-v4cq",
"modified": "2022-09-09T00:00:55Z",
"published": "2022-09-03T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35113"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-747X-5M58-MQ97
Vulnerability from github – Published: 2024-02-13 06:30 – Updated: 2024-10-16 17:06Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.
Note:
The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "svix"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21491"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-13T18:36:52Z",
"nvd_published_at": "2024-02-13T05:15:08Z",
"severity": "MODERATE"
},
"details": "Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature.\n\n**Note:**\n\nThe attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.",
"id": "GHSA-747x-5m58-mq97",
"modified": "2024-10-16T17:06:15Z",
"published": "2024-02-13T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21491"
},
{
"type": "WEB",
"url": "https://github.com/svix/svix-webhooks/pull/1190"
},
{
"type": "WEB",
"url": "https://github.com/svix/svix-webhooks/commit/958821bd3b956d1436af65f70a0964d4ffb7daf6"
},
{
"type": "PACKAGE",
"url": "https://github.com/svix/svix-webhooks"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0010.html"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-RUST-SVIX-6230729"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "svix vulnerable to Authentication Bypass"
}
GHSA-74WM-8C3J-GW64
Vulnerability from github – Published: 2023-08-29 09:30 – Updated: 2024-04-04 07:15Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.
{
"affected": [],
"aliases": [
"CVE-2023-23773"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-29T09:15:09Z",
"severity": "HIGH"
},
"details": "Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.",
"id": "GHSA-74wm-8c3j-gw64",
"modified": "2024-04-04T07:15:15Z",
"published": "2023-08-29T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23773"
},
{
"type": "WEB",
"url": "https://tetraburst.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-754F-8GM6-C4R2
Vulnerability from github – Published: 2025-03-12 20:54 – Updated: 2025-11-03 21:33Summary
An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack.
Impact
This issue may lead to authentication bypass.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "ruby-saml"
},
"ranges": [
{
"events": [
{
"introduced": "1.13.0"
},
{
"fixed": "1.18.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "ruby-saml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-25292"
],
"database_specific": {
"cwe_ids": [
"CWE-347",
"CWE-436"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-12T20:54:42Z",
"nvd_published_at": "2025-03-12T21:15:42Z",
"severity": "CRITICAL"
},
"details": "### Summary\nAn authentication bypass vulnerability was found in ruby-saml due to a parser differential.\nReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack.\n\n### Impact\nThis issue may lead to authentication bypass.",
"id": "GHSA-754f-8gm6-c4r2",
"modified": "2025-11-03T21:33:11Z",
"published": "2025-03-12T20:54:42Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2"
},
{
"type": "WEB",
"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25292"
},
{
"type": "WEB",
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9"
},
{
"type": "WEB",
"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97"
},
{
"type": "WEB",
"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"
},
{
"type": "WEB",
"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"
},
{
"type": "PACKAGE",
"url": "https://github.com/SAML-Toolkits/ruby-saml"
},
{
"type": "WEB",
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"
},
{
"type": "WEB",
"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-25292.yml"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=43374519"
},
{
"type": "WEB",
"url": "https://portswigger.net/research/saml-roulette-the-hacker-always-wins"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250314-0009"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)"
}
GHSA-75FF-MXV3-9XHW
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:22perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.
{
"affected": [],
"aliases": [
"CVE-2019-1010161"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-25T14:15:00Z",
"severity": "CRITICAL"
},
"details": "perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.",
"id": "GHSA-75ff-mxv3-9xhw",
"modified": "2024-04-04T01:22:03Z",
"published": "2022-05-24T16:51:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010161"
},
{
"type": "WEB",
"url": "https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-75G4-7255-WXGC
Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2025-10-22 00:31A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2020-1464"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-17T19:15:00Z",
"severity": "LOW"
},
"details": "A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka \u0027Windows Spoofing Vulnerability\u0027.",
"id": "GHSA-75g4-7255-wxgc",
"modified": "2025-10-22T00:31:57Z",
"published": "2022-05-24T17:25:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1464"
},
{
"type": "WEB",
"url": "https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html"
},
{
"type": "WEB",
"url": "https://krebsonsecurity.com/2020/08/microsoft-put-off-fixing-zero-day-for-2-years"
},
{
"type": "WEB",
"url": "https://medium.com/%40TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd"
},
{
"type": "WEB",
"url": "https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1464"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-75RW-34Q6-72CR
Vulnerability from github – Published: 2022-06-17 00:38 – Updated: 2023-03-07 00:39Impact
The paper Cryptanalysis of Aggregate Γ-Signature and Practical Countermeasures in Application to Bitcoin defines a way to forge valid Γ-signatures, an algorithm that is used in the Biscuit specification version 1. It would allow an attacker to create a token with any access level.
As Biscuit v1 was still an early version and not broadly deployed, we were able to contact all known users of Biscuit v1 and help them migrate to Biscuit v2. We are not aware of any active exploitation of this vulnerability.
Patches
The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification.
Workarounds
There is no known workaround, any use of Biscuit v1 should be migrated to v2.
References
Cryptanalysis of Aggregate Γ-Signature and Practical Countermeasures in Application to Bitcoin
For more information
If you have any questions or comments about this advisory: * Open an issue in biscuit-auth/biscuit * Ask questions on Matrix
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "biscuit-auth"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/biscuit-auth/biscuit-go"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.clever-cloud:biscuit-java"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31053"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-17T00:38:03Z",
"nvd_published_at": "2022-06-13T20:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nThe paper [Cryptanalysis of Aggregate \u0393-Signature and Practical Countermeasures in Application to Bitcoin](https://eprint.iacr.org/2020/1484) defines a way to forge valid \u0393-signatures, an algorithm that is used in the Biscuit specification version 1.\nIt would allow an attacker to create a token with any access level.\n\nAs Biscuit v1 was still an early version and not broadly deployed, we were able to contact all known users of Biscuit v1 and help them migrate to Biscuit v2.\nWe are not aware of any active exploitation of this vulnerability.\n\n### Patches\n\nThe version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification.\n\n### Workarounds\n\nThere is no known workaround, any use of Biscuit v1 should be migrated to v2.\n\n### References\n[Cryptanalysis of Aggregate \u0393-Signature and Practical Countermeasures in Application to Bitcoin](https://eprint.iacr.org/2020/1484)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [biscuit-auth/biscuit](https://github.com/biscuit-auth/biscuit)\n* Ask questions on [Matrix](https://matrix.to/#/#biscuit-auth:matrix.org)\n",
"id": "GHSA-75rw-34q6-72cr",
"modified": "2023-03-07T00:39:38Z",
"published": "2022-06-17T00:38:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/biscuit-auth/biscuit/security/advisories/GHSA-75rw-34q6-72cr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31053"
},
{
"type": "WEB",
"url": "https://eprint.iacr.org/2020/1484"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-75rw-34q6-72cr"
},
{
"type": "PACKAGE",
"url": "https://github.com/biscuit-auth/biscuit"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-0564"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Signature forgery in Biscuit"
}
GHSA-76XF-M95X-GXHF
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2011-3965"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-02-09T04:10:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.",
"id": "GHSA-76xf-m95x-gxhf",
"modified": "2022-05-13T01:27:14Z",
"published": "2022-05-13T01:27:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3965"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14954"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=109664"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-777R-H845-392R
Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-12-31 03:30GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate validation can be disabled when a proxy is configured, allowing an attacker who can intercept network traffic to supply a malicious update manifest and corresponding package with a matching hash. This can cause the client to download and install a tampered update, resulting in arbitrary code execution with the privileges of the GoSign Desktop user on Windows and macOS, or with elevated privileges on some Linux deployments. A local attacker who can modify proxy settings may also abuse this behavior to escalate privileges by forcing installation of a crafted update.
{
"affected": [],
"aliases": [
"CVE-2025-34324"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T17:16:00Z",
"severity": "HIGH"
},
"details": "GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate validation can be disabled when a proxy is configured, allowing an attacker who can intercept network traffic to supply a malicious update manifest and corresponding package with a matching hash. This can cause the client to download and install a tampered update, resulting in arbitrary code execution with the privileges of the GoSign Desktop user on Windows and macOS, or with elevated privileges on some Linux deployments. A local attacker who can modify proxy settings may also abuse this behavior to escalate privileges by forcing installation of a crafted update.",
"id": "GHSA-777r-h845-392r",
"modified": "2025-12-31T03:30:32Z",
"published": "2025-11-18T18:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34324"
},
{
"type": "WEB",
"url": "https://infocert.digital/consumer/gosign-suite"
},
{
"type": "WEB",
"url": "https://www.ush.it/2025/11/14/multiple-vulnerabilities-gosign-desktop-remote-code-execution"
},
{
"type": "WEB",
"url": "https://www.ush.it/2025/11/14/vulnerabilita-multiple-gosign-desktop-esecuzione-remota-codice-arbitrario"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/gosign-desktop-insecure-update-mechanism-rce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.