CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1128 vulnerabilities reference this CWE, most recent first.
GHSA-854X-2JM6-MVWP
Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-14 12:00A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the boot process of the affected device. To exploit this vulnerability, the attacker needs either unauthenticated physical access to the device or privileged access to the root shell on the device. Note: In Cisco IOS XE Software releases 16.11.1 and later, root shell access is protected by the Consent Token mechanism. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software running on a device to a release where root shell access is more readily available.
{
"affected": [],
"aliases": [
"CVE-2022-20944"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-10T21:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the boot process of the affected device. To exploit this vulnerability, the attacker needs either unauthenticated physical access to the device or privileged access to the root shell on the device. Note: In Cisco IOS XE Software releases 16.11.1 and later, root shell access is protected by the Consent Token mechanism. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software running on a device to a release where root shell access is more readily available.",
"id": "GHSA-854x-2jm6-mvwp",
"modified": "2022-10-14T12:00:25Z",
"published": "2022-10-11T12:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20944"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-869P-CJFG-CM3X
Vulnerability from github – Published: 2025-12-04 16:54 – Updated: 2025-12-04 22:50Overview
An improper signature verification vulnerability exists when using auth0/node-jws with the HS256 algorithm under specific conditions.
Am I Affected?
You are affected by this vulnerability if you meet all of the following preconditions:
- Application uses the auth0/node-jws implementation of JSON Web Signatures, versions <=3.2.2 || 4.0.0
- Application uses the jws.createVerify() function for HMAC algorithms
- Application uses user-provided data from the JSON Web Signature Protected Header or Payload in the HMAC secret lookup routines
You are NOT affected by this vulnerability if you meet any of the following preconditions:
1. Application uses the jws.verify() interface (note: auth0/node-jsonwebtoken users fall into this category and are therefore NOT affected by this vulnerability)
2. Application uses only asymmetric algorithms (e.g. RS256)
3. Application doesn’t use user-provided data from the JSON Web Signature Protected Header or Payload in the HMAC secret lookup routines
Fix
Upgrade auth0/node-jws version to version 3.2.3 or 4.0.1
Acknowledgement
Okta would like to thank Félix Charette for discovering this vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "jws"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "jws"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.0"
]
}
],
"aliases": [
"CVE-2025-65945"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-04T16:54:15Z",
"nvd_published_at": "2025-12-04T19:16:05Z",
"severity": "HIGH"
},
"details": "### Overview\nAn improper signature verification vulnerability exists when using auth0/node-jws with the HS256 algorithm under specific conditions.\n\n### Am I Affected?\nYou are affected by this vulnerability if you meet all of the following preconditions:\n\n1. Application uses the auth0/node-jws implementation of JSON Web Signatures, versions \u003c=3.2.2 || 4.0.0\n2. Application uses the jws.createVerify() function for HMAC algorithms\n3. Application uses user-provided data from the JSON Web Signature Protected Header or Payload in the HMAC secret lookup routines\n\nYou are NOT affected by this vulnerability if you meet any of the following preconditions:\n1. Application uses the jws.verify() interface (note: `auth0/node-jsonwebtoken` users fall into this category and are therefore NOT affected by this vulnerability)\n2. Application uses only asymmetric algorithms (e.g. RS256)\n3. Application doesn\u2019t use user-provided data from the JSON Web Signature Protected Header or Payload in the HMAC secret lookup routines\n\n### Fix\nUpgrade auth0/node-jws version to version 3.2.3 or 4.0.1\n\n### Acknowledgement\nOkta would like to thank F\u00e9lix Charette for discovering this vulnerability.",
"id": "GHSA-869p-cjfg-cm3x",
"modified": "2025-12-04T22:50:03Z",
"published": "2025-12-04T16:54:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"type": "WEB",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"type": "WEB",
"url": "https://github.com/auth0/node-jws/commit/4f6e73f24df42f07d632dec6431ade8eda8d11a6"
},
{
"type": "PACKAGE",
"url": "https://github.com/auth0/node-jws"
},
{
"type": "WEB",
"url": "https://github.com/auth0/node-jws/releases/tag/v3.2.3"
},
{
"type": "WEB",
"url": "https://github.com/auth0/node-jws/releases/tag/v4.0.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "auth0/node-jws Improperly Verifies HMAC Signature"
}
GHSA-88C7-XPJH-3F4J
Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2024-11-26 18:38A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.
{
"affected": [],
"aliases": [
"CVE-2020-3308"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-06T17:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.",
"id": "GHSA-88c7-xpjh-3f4j",
"modified": "2024-11-26T18:38:40Z",
"published": "2022-05-24T17:17:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3308"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sigbypass-FcvPPCeP"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-88H9-77C7-P6W4
Vulnerability from github – Published: 2025-11-12 21:45 – Updated: 2025-11-18 17:00Summary
A vulnerability was identified in the evervault-go SDK’s attestation verification logic that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees.
The exploitability of this issue is limited in Evervault-hosted environments as an attacker would require the pre-requisite ability to serve requests from specific evervault domain names, following from our ACME challenge based TLS certificate acquisition pipeline.
The vulnerability primarily affects applications which only check PCR8. Though the efficacy is also reduced for applications that check all PCR values, the impact is largely remediated by checking PCR 0, 1 and 2.
Patches
The identified issue has been addressed in version 1.3.2 by validating attestation documents before storing in the cache, and replacing the naive equality checks with a new SatisfiedBy check.
Workarounds
If you are using evervault-go to attest Enclaves that are hosted outside of Evervault environments and cannot upgrade:
1) Modify your application logic to fail verification if PCR8 is not explicitly present and non-empty 2) Add custom pre-validation to reject documents that omit any required PCRs.
POC
package evervault
import (
"testing"
"github.com/evervault/evervault-go/attestation"
"github.com/stretchr/testify/assert"
"github.com/hf/nitrite"
)
func TestVulnerableCompare(t *testing.T) {
assert := assert.New(t)
// arrange
expectedPCRs := []attestation.PCRs{
attestation.PCRs{
PCR0:
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
PCR1:
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002",
PCR2:
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003",
PCR8:
"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004",
},
}
actualDocument := nitrite.Document {}
actualDocument.PCRs = map[uint][]byte{
10: make([]byte, 32),
}
// act
v := verifyPCRs(expectedPCRs, actualDocument)
// assert
// Verify should not pass but it does
assert.Equal(true, v)
}
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/evervault/evervault-go"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-64186"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-12T21:45:06Z",
"nvd_published_at": "2025-11-12T21:15:53Z",
"severity": "HIGH"
},
"details": "### Summary\n\nA vulnerability was identified in the `evervault-go` SDK\u2019s attestation verification logic that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees.\n\nThe exploitability of this issue is limited in Evervault-hosted environments as an attacker would require the pre-requisite ability to serve requests from specific evervault domain names, following from our ACME challenge based TLS certificate acquisition pipeline. \n\nThe vulnerability primarily affects applications which only check PCR8. Though the efficacy is also reduced for applications that check all PCR values, the impact is largely remediated by checking PCR 0, 1 and 2.\n \n\n### Patches\nThe identified issue has been addressed in version [1.3.2](https://github.com/evervault/evervault-go/pull/48) by validating attestation documents before storing in the cache, and replacing the naive equality checks with a new SatisfiedBy check.\n\n### Workarounds\nIf you are using evervault-go to attest Enclaves that are hosted outside of Evervault environments and cannot upgrade:\n\n1) Modify your application logic to fail verification if PCR8 is not explicitly present and non-empty\n2) Add custom pre-validation to reject documents that omit any required PCRs.\n\n### POC\n```\npackage evervault\nimport (\n \"testing\"\n\n \"github.com/evervault/evervault-go/attestation\"\n \"github.com/stretchr/testify/assert\"\n \"github.com/hf/nitrite\"\n)\n\n\nfunc TestVulnerableCompare(t *testing.T) {\n assert := assert.New(t)\n // arrange\n expectedPCRs := []attestation.PCRs{\n attestation.PCRs{\n PCR0:\n\"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001\",\n PCR1:\n\"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002\",\n PCR2:\n\"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003\",\n PCR8:\n\"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004\",\n },\n }\n actualDocument := nitrite.Document {}\n actualDocument.PCRs = map[uint][]byte{\n 10: make([]byte, 32),\n }\n // act\n v := verifyPCRs(expectedPCRs, actualDocument)\n \n // assert\n // Verify should not pass but it does\n \n assert.Equal(true, v)\n}\n```",
"id": "GHSA-88h9-77c7-p6w4",
"modified": "2025-11-18T17:00:18Z",
"published": "2025-11-12T21:45:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/evervault/evervault-go/security/advisories/GHSA-88h9-77c7-p6w4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64186"
},
{
"type": "WEB",
"url": "https://github.com/evervault/evervault-go/pull/48"
},
{
"type": "WEB",
"url": "https://github.com/evervault/evervault-go/commit/7c824d289bba11ec0bea46a338023f5b128bbb28"
},
{
"type": "PACKAGE",
"url": "https://github.com/evervault/evervault-go"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves"
}
GHSA-89Q4-G827-GP8H
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-09 00:01Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.
{
"affected": [],
"aliases": [
"CVE-2015-3298"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T00:15:00Z",
"severity": "HIGH"
},
"details": "Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.",
"id": "GHSA-89q4-g827-gp8h",
"modified": "2022-04-09T00:01:00Z",
"published": "2022-03-31T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3298"
},
{
"type": "WEB",
"url": "https://developers.yubico.com/ykneo-openpgp/SecurityAdvisory%202015-04-14.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89V2-G37M-G3FF
Vulnerability from github – Published: 2021-06-01 21:18 – Updated: 2021-06-01 18:53Impact
This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages.
This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In addition to these signatures, the ESDK uses AES-GCM encryption and all plaintext is verified before being released to a caller. There is no impact on the integrity of the ciphertext or decrypted plaintext, however some callers may rely on the the ECDSA signature for non-repudiation. Without validating the ECDSA signature, an actor with trusted KMS permissions to decrypt a message may also be able to encrypt messages. This update introduces a new API for callers who wish to stream only unsigned messages.
For customers who process ESDK messages from untrusted sources, this update also introduces a new configuration to limit the number of Encrypted Data Keys (EDKs) that the ESDK will attempt to process per message. This configuration provides customers with a way to limit the number of AWS KMS Decrypt API calls that the ESDK will make per message. This setting will reject messages with more EDKs than the configured limit.
Finally, this update adds early rejection of invalid messages with certain invalid combinations of algorithm suite and header data.
Patches
Fixed in versions 1.9 and 2.2. We recommend that all users upgrade to address these issues.
Customers leveraging the ESDK’s streaming features have several options to protect signature validation. One is to ensure that client code reads to the end of the stream before using released plaintext. With this release, using the new API for streaming and falling back to the non-streaming decrypt API for signed messages prevents using any plaintext from signed data before the signature is validated. See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/about-versions.html#version2.2.x
Users processing ESDK messages from untrusted sources should use the new maximum encrypted data keys parameter. See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/about-versions.html#version2.2.x
Workarounds
None
For more information
https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#digital-sigs
https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/about-versions.html#version2.2.x
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "aws-encryption-sdk-cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "aws-encryption-sdk-cli"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-01T18:53:10Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nThis advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. \n\nThis ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In addition to these signatures, the ESDK uses AES-GCM encryption and all plaintext is verified before being released to a caller. There is no impact on the integrity of the ciphertext or decrypted plaintext, however some callers may rely on the the ECDSA signature for non-repudiation. Without validating the ECDSA signature, an actor with trusted KMS permissions to decrypt a message may also be able to encrypt messages. This update introduces a new API for callers who wish to stream only unsigned messages. \n\nFor customers who process ESDK messages from untrusted sources, this update also introduces a new configuration to limit the number of Encrypted Data Keys (EDKs) that the ESDK will attempt to process per message. This configuration provides customers with a way to limit the number of AWS KMS Decrypt API calls that the ESDK will make per message. This setting will reject messages with more EDKs than the configured limit.\n\nFinally, this update adds early rejection of invalid messages with certain invalid combinations of algorithm suite and header data.\n\n### Patches\n\nFixed in versions 1.9 and 2.2. We recommend that all users upgrade to address these issues.\n\nCustomers leveraging the ESDK\u2019s streaming features have several options to protect signature validation. One is to ensure that client code reads to the end of the stream before using released plaintext. With this release, using the new API for streaming and falling back to the non-streaming decrypt API for signed messages prevents using any plaintext from signed data before the signature is validated. See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/about-versions.html#version2.2.x\n\nUsers processing ESDK messages from untrusted sources should use the new maximum encrypted data keys parameter. See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/about-versions.html#version2.2.x\n\n### Workarounds\n\nNone\n\n### For more information\n\nhttps://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#digital-sigs\n\nhttps://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/about-versions.html#version2.2.x\n",
"id": "GHSA-89v2-g37m-g3ff",
"modified": "2021-06-01T18:53:10Z",
"published": "2021-06-01T21:18:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/aws/aws-encryption-sdk-cli/security/advisories/GHSA-89v2-g37m-g3ff"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli"
}
GHSA-8C5W-9G3P-G72C
Vulnerability from github – Published: 2023-07-13 18:30 – Updated: 2024-04-04 06:07Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.
{
"affected": [],
"aliases": [
"CVE-2023-33768"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-13T16:15:09Z",
"severity": "MODERATE"
},
"details": "Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.",
"id": "GHSA-8c5w-9g3p-g72c",
"modified": "2024-04-04T06:07:29Z",
"published": "2023-07-13T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33768"
},
{
"type": "WEB",
"url": "https://github.com/purseclab/CVE-2023-33768"
},
{
"type": "WEB",
"url": "https://play.google.com/store/apps/details?id=com.belkin.wemoandroid\u0026hl=en_US\u0026gl=US"
},
{
"type": "WEB",
"url": "https://www.amazon.com/Control-Devices-Remotely-Assistant-HomeKit/dp/B08CJGZZZ1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CJ2-JG77-QJ2P
Vulnerability from github – Published: 2022-05-03 00:01 – Updated: 2025-10-22 03:30The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2013-3900"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-12-11T00:55:00Z",
"severity": "HIGH"
},
"details": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka \"WinVerifyTrust Signature Validation Vulnerability.\"",
"id": "GHSA-8cj2-jg77-qj2p",
"modified": "2025-10-22T03:30:35Z",
"published": "2022-05-03T00:01:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3900"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-098"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-3900"
},
{
"type": "WEB",
"url": "http://blogs.technet.com/b/srd/archive/2013/12/10/ms13-098-update-to-enhance-the-security-of-authenticode.aspx"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8CJC-2W58-7V5J
Vulnerability from github – Published: 2022-05-17 02:33 – Updated: 2022-05-17 02:33A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.
{
"affected": [],
"aliases": [
"CVE-2014-9934"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-16T14:29:00Z",
"severity": "HIGH"
},
"details": "A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.",
"id": "GHSA-8cjc-2w58-7v5j",
"modified": "2022-05-17T02:33:15Z",
"published": "2022-05-17T02:33:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9934"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97329"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038201"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8F4C-9GMV-RFM8
Vulnerability from github – Published: 2025-03-28 06:30 – Updated: 2025-03-28 06:30The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures).
{
"affected": [],
"aliases": [
"CVE-2025-31335"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-28T06:15:34Z",
"severity": "MODERATE"
},
"details": "The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures).",
"id": "GHSA-8f4c-9gmv-rfm8",
"modified": "2025-03-28T06:30:27Z",
"published": "2025-03-28T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31335"
},
{
"type": "WEB",
"url": "https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00041.html"
},
{
"type": "WEB",
"url": "https://shibboleth.atlassian.net/browse/CPPOST-126"
},
{
"type": "WEB",
"url": "https://shibboleth.net/community/advisories/secadv_20250313.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.