Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-21405

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-15 Apr, 2021 | 21:35
Updated At-03 Aug, 2024 | 18:09
Rejected At-
Credits

BLS Signature "Malleability"

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:15 Apr, 2021 | 21:35
Updated At:03 Aug, 2024 | 18:09
Rejected At:
▼CVE Numbering Authority (CNA)
BLS Signature "Malleability"

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393.

Affected Products
Vendor
filecoin-project
Product
lotus
Versions
Affected
  • < 1.5.0
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347 Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347 Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
x_refsource_CONFIRM
https://github.com/filecoin-project/lotus/pull/5393
x_refsource_MISC
https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
x_refsource_MISC
Hyperlink: https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/filecoin-project/lotus/pull/5393
Resource:
x_refsource_MISC
Hyperlink: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
x_refsource_CONFIRM
x_transferred
https://github.com/filecoin-project/lotus/pull/5393
x_refsource_MISC
x_transferred
https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/filecoin-project/lotus/pull/5393
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:15 Apr, 2021 | 22:15
Updated At:23 Apr, 2021 | 14:40

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

filecoin
filecoin
>>lotus>>Versions before 1.5.0(exclusive)
cpe:2.3:a:filecoin:lotus:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-347Primarysecurity-advisories@github.com
CWE ID: CWE-347
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754security-advisories@github.com
Exploit
Third Party Advisory
https://github.com/filecoin-project/lotus/pull/5393security-advisories@github.com
Patch
Third Party Advisory
https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvhsecurity-advisories@github.com
Patch
Third Party Advisory
Hyperlink: https://gist.github.com/wadeAlexC/2490d522e81a796af9efcad1686e6754
Source: security-advisories@github.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/filecoin-project/lotus/pull/5393
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/filecoin-project/lotus/security/advisories/GHSA-4g52-pqcj-phvh
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

106Records found

CVE-2022-24771
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.66%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 13:25
Updated-23 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Verification of Cryptographic Signature in node-forge

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.

Action-Not Available
Vendor-digitalbazaardigitalbazaar
Product-forgeforge
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-24884
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-1.04% / 60.11%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 23:50
Updated-23 Apr, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trivial signature forgery in ecdsautils

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.

Action-Not Available
Vendor-ecdsautils_projectfreifunk-gluonFedora ProjectDebian GNU/Linux
Product-ecdsautilsdebian_linuxfedoraecdsautils
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2012-2092
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-3.66% / 88.39%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 16:19
Updated-06 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.

Action-Not Available
Vendor-Canonical Ltd.Ubuntu
Product-ubuntu_cobblerCobbler
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-0114
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-42.65% / 98.56%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 06:00
Updated-02 Dec, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-node-joseNode-jose Library
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-5588
Matching Score-4
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
ShareView Details
Matching Score-4
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
CVSS Score-6.3||MEDIUM
EPSS-0.39% / 31.45%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 09:06
Updated-16 Jul, 2026 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PKIX draft CompositeVerifier accepts empty signature sequence as valid.

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java. This issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.

Action-Not Available
Vendor-Legion of the Bouncy Castle Inc.Red Hat, Inc.
Product-BC-JAVABCPKIX-FIPSBCPIX-LTSOpenShift Developer Tools and ServicesRed Hat OpenShift Dev Spaces 3.28Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14Red Hat Process Automation 7Red Hat Fuse 7Red Hat build of Quarkus 3.20.6.SP1Red Hat AMQ Broker 7.12.7Red Hat Build of Apache Camel 4.14 for Quarkus 3.27Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apicurio Registry 3Red Hat Enterprise Linux 9Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9Red Hat Data Grid 8streams for Apache Kafka 3Red Hat build of Debezium 3Red Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform 7Red Hat Satellite 6Cryostat 4streams for Apache Kafka 2Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8Red Hat JBoss Enterprise Application Platform 8.1Red Hat AMQ Broker 7.13.5Red Hat build of Apache Camel 4 for Quarkus 3Red Hat Single Sign-On 7Red Hat AMQ Broker 7Red Hat build of Quarkus 3.27.3.SP1Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2017-8177
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 38.84%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-hiwalletHiWallet
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2005-2182
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.42%
||
7 Day CHG~0.00%
Published-10 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

Action-Not Available
Vendor-grandstreamn/a
Product-bt-100_firmwarebt-100n/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2017-17847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.62%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.

Action-Not Available
Vendor-enigmailn/aDebian GNU/Linux
Product-debian_linuxenigmailn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2017-17848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.84% / 76.63%
||
7 Day CHG~0.00%
Published-22 Dec, 2017 | 23:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.

Action-Not Available
Vendor-enigmailn/aDebian GNU/Linux
Product-debian_linuxenigmailn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-37568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.47%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 00:00
Updated-03 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)

Action-Not Available
Vendor-authlibn/alepture
Product-authlibn/aauthlib
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2017-16005
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.86% / 54.35%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 19:00
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.

Action-Not Available
Vendor-joyentHackerOne
Product-http-signaturehttp-signature node module
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33467
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 2.50%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 21:15
Updated-05 May, 2026 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Verification of Cryptographic Signature in Elastic Package Registry Leading to Package Integrity Bypass

Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing closed.

Action-Not Available
Vendor-Elasticsearch BV
Product-elastic_package_registryElastic Package Registry
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33487
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 21.80%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 17:17
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
goxmldsig has validateSignature Loop Variable Capture Signature Bypass

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.

Action-Not Available
Vendor-goxmldsig_projectrussellhaeringRed Hat, Inc.
Product-goxmldsiggoxmldsigRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Multicluster Global Hub 1.5.4Red Hat OpenShift GitOps 1.19Red Hat Advanced Cluster Security 4Red Hat OpenShift GitOps 1.18Red Hat Enterprise Linux 10Red Hat Advanced Cluster Management for Kubernetes 2.14Multicluster Global Hub 1.4.5
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-682
Incorrect Calculation
CVE-2026-33895
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.01%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 20:47
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forge has signature forgery in Ed25519 due to missing S > L check

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue.

Action-Not Available
Vendor-digitalbazaardigitalbazaarRed Hat, Inc.
Product-forgeforgeRed Hat Developer Hub 1.8Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Quay 3Red Hat Fuse 7Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Logging Subsystem for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat build of Apache Camel - HawtIO 4Red Hat Build of Podman DesktopCryostat 4Red Hat Developer Hub 1.9Cluster Observability Operator 1.5.0
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33894
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.09%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 20:45
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue.

Action-Not Available
Vendor-digitalbazaardigitalbazaarRed Hat, Inc.
Product-forgeforgeRed Hat Developer Hub 1.8Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Fuse 7Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Quay 3.16Logging Subsystem for Red Hat OpenShiftRed Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9Red Hat Quay 3.17Red Hat Data Grid 8Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat Build of Podman DesktopRed Hat build of Apache Camel - HawtIO 4Cryostat 4Red Hat Quay 3.14Red Hat Quay 3.12Red Hat Developer Hub 1.9Cluster Observability Operator 1.5.0Red Hat Quay 3.10Red Hat Quay 3.15
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-3338
Matching Score-4
Assigner-Amazon
ShareView Details
Matching Score-4
Assigner-Amazon
CVSS Score-8.7||HIGH
EPSS-0.78% / 51.79%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 21:22
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PKCS7_verify Signature Validation Bypass in AWS-LC

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

Action-Not Available
Vendor-amazonAWSRed Hat, Inc.
Product-aws-lc-sysaws_libcryptoAWS-LCRed Hat Trusted Artifact Signer 1.3Red Hat Enterprise Linux 9Confidential Compute AttestationRed Hat Trusted Profile AnalyzerRed Hat OpenShift Update ServiceRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-32883
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.15% / 4.99%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 20:36
Updated-13 Apr, 2026 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Botan: Missing OCSP Response Signature Verification Allows MitM Certificate Revocation Bypass

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0.

Action-Not Available
Vendor-botan_projectrandombit
Product-botanbotan
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-32614
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 11.31%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 20:14
Updated-15 Apr, 2026 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability

Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1.

Action-Not Available
Vendor-emmansun
Product-gmsm
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-32597
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.64%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 21:41
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.

Action-Not Available
Vendor-pyjwt_projectjpadillaRed Hat, Inc.
Product-pyjwtpyjwtRed Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AI Inference ServerRed Hat AI Inference Server 3.3Red Hat Enterprise Linux AI 3.3Red Hat Satellite 6.18Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Quay 3.16Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2.5Red Hat Ansible Automation Platform 2Red Hat Satellite 6Red Hat Quay 3.12OpenShift LightspeedRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Ansible Automation Platform 2.6Red Hat Quay 3.10Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-15827
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 48.73%
||
7 Day CHG~0.00%
Published-08 Aug, 2020 | 20:24
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-toolboxn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-15957
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.55% / 72.38%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 13:08
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none.

Action-Not Available
Vendor-dp3t-backend-software_development_kit_projectn/a
Product-dp3t-backend-software_development_kitn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-28432
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.15% / 4.45%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 21:19
Updated-13 Mar, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTTP signature verification can be bypassed

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.

Action-Not Available
Vendor-misskeymisskey-dev
Product-misskeymisskey
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-14966
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.41%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 11:20
Updated-22 Jun, 2026 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.

Action-Not Available
Vendor-kjurn/aNetApp, Inc.
Product-max_datajsrsasignn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2002-1706
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.18% / 64.05%
||
7 Day CHG-0.01%
Published-21 Jun, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ubr7100iosubr7200n/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-14515
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.84% / 53.72%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 19:48
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected.

Action-Not Available
Vendor-wibun/a
Product-codemeterCodeMeter
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-23992
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 9.49%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 02:20
Updated-17 Feb, 2026 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
go-tuf improperly validates the configured threshold for delegations

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to unauthorized modification to TUF metadata files is possible at rest, or during transit as no integrity checks are made. Version 2.3.1 fixes the issue. As a workaround, always make sure that the TUF metadata roles are configured with a threshold of at least 1.

Action-Not Available
Vendor-theupdateframeworktheupdateframework
Product-go-tufgo-tuf
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-23967
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 8.79%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 01:59
Updated-25 Feb, 2026 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sm-crypto Affected by Signature Malleability in SM2-DSA

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue.

Action-Not Available
Vendor-juneandgreenJuneAndGreen
Product-sm-cryptosm-crypto
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-23965
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 9.26%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 02:05
Updated-25 Feb, 2026 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sm-crypto Affected by Signature Forgery in SM2-DSA

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for arbitrary public keys. If the message space contains sufficient redundancy, the attacker can fix the prefix of the message associated with the forged signature to satisfy specific formatting requirements. Version 0.4.0 patches the issue.

Action-Not Available
Vendor-juneandgreenJuneAndGreen
Product-sm-cryptosm-crypto
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-22866
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.7||LOW
EPSS-0.18% / 7.38%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 15:47
Updated-13 Mar, 2026 | 01:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.

Action-Not Available
Vendor-ens.domainsensdomains
Product-ethereum_name_serviceens-contracts
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-0750
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-8.7||HIGH
EPSS-0.29% / 20.78%
||
7 Day CHG~0.00%
Published-28 Jan, 2026 | 18:53
Updated-09 Mar, 2026 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Payment bypass in Commerce Paybox

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5.

Action-Not Available
Vendor-verifoneThe Drupal Association
Product-commerce_payboxDrupal Commerce Paybox
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-46234
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 40.01%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 14:31
Updated-10 Apr, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.

Action-Not Available
Vendor-browserifybrowserifyDebian GNU/Linux
Product-debian_linuxbrowserify-signbrowserify-sign
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-7340
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-0.93% / 56.77%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:01
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Action-Not Available
Vendor-Duo SecurityCisco Systems, Inc.
Product-duo_network_gatewayDuo Network Gateway
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-5387
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-1.66% / 74.05%
||
7 Day CHG~0.00%
Published-24 Jul, 2018 | 15:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.

Action-Not Available
Vendor-wizkundeWizkunde
Product-samlbaseSAMLBase
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-39392
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.21% / 11.39%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 11:33
Updated-10 Oct, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-16
Not Available
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-39393
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.21% / 11.39%
||
7 Day CHG~0.00%
Published-13 Aug, 2023 | 11:34
Updated-10 Oct, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-3756
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.82% / 53.02%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 19:00
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.

Action-Not Available
Vendor-hyperledgern/a
Product-irohan/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-21134
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.3||HIGH
EPSS-0.91% / 55.90%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 19:10
Updated-15 Apr, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A firmware update vulnerability exists in the &quot;update&quot; firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.

Action-Not Available
Vendor-n/aReolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-23456
Matching Score-4
Assigner-Zscaler, Inc.
ShareView Details
Matching Score-4
Assigner-Zscaler, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 13.33%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 15:21
Updated-07 Aug, 2024 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Signature validation issue leads to Anti-Tampering bypass

Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled.

Action-Not Available
Vendor-Zscaler, Inc.
Product-client_connectorClient Connectorclient_connector
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-44878
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.50%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 12:52
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specification. The "none" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using "none" as the value of "alg" key in the header with an empty signature value.

Action-Not Available
Vendor-pac4jn/a
Product-pac4jn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-65945
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.20% / 9.98%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 18:45
Updated-09 Mar, 2026 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.

Action-Not Available
Vendor-auth0auth0
Product-node-jwsnode-jws
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-41831
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-1.45% / 70.52%
||
7 Day CHG~0.00%
Published-11 Oct, 2021 | 08:10
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Timestamp Manipulation with Signature Wrapping

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.

Action-Not Available
Vendor-The Apache Software Foundation
Product-openofficeApache OpenOffice
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-31172
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.47%
||
7 Day CHG+0.05%
Published-21 Jul, 2022 | 13:55
Updated-23 Apr, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. `SignatureChecker.isValidSignatureNow` is not expected to revert. However, an incorrect assumption about Solidity 0.8's `abi.decode` allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use `SignatureChecker` to check the validity of a signature and handle invalid signatures in a way other than reverting. The issue was patched in version 4.7.1.

Action-Not Available
Vendor-openzeppelinOpenZeppelin
Product-contractsopenzeppelin-contracts
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-34433
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.03%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 17:10
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-californiumEclipse Californium
CWE ID-CWE-322
Key Exchange without Entity Authentication
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-30130
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.05% / 60.61%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

Action-Not Available
Vendor-phpseclibn/aDebian GNU/Linux
Product-debian_linuxphpseclibn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-29500
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.49%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 20:05
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing validation of JWT signature

bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs.

Action-Not Available
Vendor-bubble_fireworks_projectfxbin
Product-bubble_fireworksbubble-fireworks
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-15836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 71.27%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 21:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.

Action-Not Available
Vendor-xelerancen/a
Product-openswann/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-16151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.89% / 77.22%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 21:00
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

Action-Not Available
Vendor-strongswann/aCanonical Ltd.Debian GNU/Linux
Product-strongswanubuntu_linuxdebian_linuxn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-36285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 55.76%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 15:38
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL.

Action-Not Available
Vendor-unionpayintln/a
Product-union_payn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-8133
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-0.72% / 49.65%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 14:25
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.

Action-Not Available
Vendor-n/aNextcloud GmbH
Product-nextcloud_serverNextcloud Server
CWE ID-CWE-657
Violation of Secure Design Principles
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-41830
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.35% / 68.27%
||
7 Day CHG~0.00%
Published-11 Oct, 2021 | 08:10
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Double Certificate Attack

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.

Action-Not Available
Vendor-The Apache Software Foundation
Product-openofficeApache OpenOffice
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found