Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1127 vulnerabilities reference this CWE, most recent first.

GHSA-PR86-5P67-45RX

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37
VLAI
Details

An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15090"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-23T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.",
  "id": "GHSA-pr86-5p67-45rx",
  "modified": "2022-05-13T01:37:35Z",
  "published": "2022-05-13T01:37:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15090"
    },
    {
      "type": "WEB",
      "url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101982"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PV24-75CX-C5M2

Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2023-12-31 21:30
VLAI
Details

A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16922"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka \u0027Windows Spoofing Vulnerability\u0027.",
  "id": "GHSA-pv24-75cx-c5m2",
  "modified": "2023-12-31T21:30:23Z",
  "published": "2022-05-24T17:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16922"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16922"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PV55-C55F-33QW

Vulnerability from github – Published: 2024-11-18 18:30 – Updated: 2024-11-18 18:30
VLAI
Details

A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-18T16:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the Image Signature Verification feature of Cisco\u0026nbsp;SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device.\nThe vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.Cisco\u0026nbsp;has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability.",
  "id": "GHSA-pv55-c55f-33qw",
  "modified": "2024-11-18T18:30:57Z",
  "published": "2024-11-18T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1461"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PW5X-X5JW-CCMH

Vulnerability from github – Published: 2024-01-12 03:30 – Updated: 2024-08-30 23:37
VLAI
Summary
Gentoo Portage missing PGP validation of executed code
Details

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "portage"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.47"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-20021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-30T23:37:34Z",
    "nvd_published_at": "2024-01-12T03:15:08Z",
    "severity": "HIGH"
  },
  "details": "In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification.",
  "id": "GHSA-pw5x-x5jw-ccmh",
  "modified": "2024-08-30T23:37:34Z",
  "published": "2024-01-12T03:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20021"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gentoo/portage/commit/28cd240fb23d880b8641a058831c6762db71c3e2"
    },
    {
      "type": "WEB",
      "url": "https://bugs.gentoo.org/597800"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gentoo/portage"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/portage/PYSEC-2024-10.yaml"
    },
    {
      "type": "WEB",
      "url": "https://gitweb.gentoo.org/proj/portage.git/tree/NEWS"
    },
    {
      "type": "WEB",
      "url": "https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b3c80502e96406b4b175e2ee79eb65f3f3cd9f6"
    },
    {
      "type": "WEB",
      "url": "https://wiki.gentoo.org/wiki/Portage"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Gentoo Portage missing PGP validation of executed code"
}

GHSA-PWQF-9H7J-7MV8

Vulnerability from github – Published: 2020-08-21 16:25 – Updated: 2024-11-18 22:40
VLAI
Summary
Incorrect threshold signature computation in TUF
Details

Impact

Metadadata signature verification, as used in tuf.client.updater, counted each of multiple signatures with identical authorized keyids separately towards the threshold. Therefore, an attacker with access to a valid signing key could create multiple valid signatures in order to meet the minimum threshold of keys before the metadata was considered valid.

The tuf maintainers would like to thank Erik MacLean of Analog Devices, Inc. for reporting this issue.

Patches

A fix is available in version 0.12.2 or newer.

Workarounds

No workarounds are known for this issue.

References

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tuf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-6174"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-21T16:25:02Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Impact\nMetadadata signature verification, as used in `tuf.client.updater`, counted each of multiple signatures with identical authorized keyids  separately towards the threshold. Therefore, an attacker with access to a valid signing key could create multiple valid signatures in order to meet the minimum threshold of keys before the metadata was considered valid.\n\nThe tuf maintainers would like to thank Erik MacLean of Analog Devices, Inc. for reporting this issue.\n\n### Patches\nA [fix](https://github.com/theupdateframework/tuf/pull/974) is available in version [0.12.2](https://github.com/theupdateframework/tuf/releases/tag/v0.12.2) or newer.\n\n### Workarounds\nNo workarounds are known for this issue.\n\n### References\n* [CVE-2020-6174](https://nvd.nist.gov/vuln/detail/CVE-2020-6174)\n* Pull request resolving the issue [PR 974](https://github.com/theupdateframework/tuf/pull/974)",
  "id": "GHSA-pwqf-9h7j-7mv8",
  "modified": "2024-11-18T22:40:36Z",
  "published": "2020-08-21T16:25:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/theupdateframework/tuf/security/advisories/GHSA-pwqf-9h7j-7mv8"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6174"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theupdateframework/tuf/pull/974"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theupdateframework/python-tuf/commit/2977188139d065ff3356c3cb4aec60c582b57e0e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tuf/PYSEC-2020-147.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/theupdateframework/tuf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theupdateframework/tuf/releases/tag/v0.12.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Incorrect threshold signature computation in TUF"
}

GHSA-PWVV-633W-65J9

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29
VLAI
Details

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-1736"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-23T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.",
  "id": "GHSA-pwvv-633w-65j9",
  "modified": "2022-05-24T17:29:15Z",
  "published": "2022-05-24T17:29:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1736"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200219-ucs-boot-bypass"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-PWW7-J9V6-XC6J

Vulnerability from github – Published: 2025-06-05 15:31 – Updated: 2025-10-22 00:33
VLAI
Details

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47827"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-05T14:15:32Z",
    "severity": "HIGH"
  },
  "details": "In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.",
  "id": "GHSA-pww7-j9v6-xc6j",
  "modified": "2025-10-22T00:33:18Z",
  "published": "2025-06-05T15:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47827"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Zedeldi/CVE-2025-47827"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Zedeldi/igelfs"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47827"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PXVH-PHH5-PGF4

Vulnerability from github – Published: 2022-05-17 00:16 – Updated: 2022-05-17 00:16
VLAI
Details

Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-22T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking.",
  "id": "GHSA-pxvh-phh5-pgf4",
  "modified": "2022-05-17T00:16:40Z",
  "published": "2022-05-17T00:16:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8177"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-app-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q3F4-9H4P-VGR3

Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-29 10:09
VLAI
Summary
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
Details

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@lionello/secp256k1-js"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-27T22:34:59Z",
    "nvd_published_at": "2022-09-24T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.",
  "id": "GHSA-q3f4-9h4p-vgr3",
  "modified": "2022-09-29T10:09:03Z",
  "published": "2022-09-25T00:00:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41340"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lionello/secp256k1-js/issues/11"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lionello/secp256k1-js/commit/302800f0370b42e360a33774bb808274ac729c2e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/lionello/secp256k1-js"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lionello/secp256k1-js/compare/1.0.1...1.1.0"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/@lionello/secp256k1-js"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery"
}

GHSA-Q3JM-V27Q-JFWW

Vulnerability from github – Published: 2024-05-30 13:41 – Updated: 2024-05-30 13:41
VLAI
Summary
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
Details

titon/framework package (which is now abandoned and no longer maintained) is vulnerable to remote code execution via Chosen-Ciphertext Attack.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "titon/framework"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.0-alpha"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-30T13:41:36Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "titon/framework package (which is now abandoned and no longer maintained) is vulnerable to remote code execution via Chosen-Ciphertext Attack.",
  "id": "GHSA-q3jm-v27q-jfww",
  "modified": "2024-05-30T13:41:36Z",
  "published": "2024-05-30T13:41:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/titon/framework/issues/93"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/titon/framework/2017-11-20.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/titon/framework"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack"
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.