Fluid Attacks Database

Description

Improper Verification of Cryptographic Signature in node-forge

Impact

RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used.

Patches

The issue has been addressed in node-forge 1.3.0.

References

For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.

For more information

If you have any questions or comments about this advisory:

Open an issue in forge

Email us at example email address

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	node-forge	>=0 <1.3.0	1.3.0
debian 11	node-node-forge	=0.10.0~dfsg-3 \|\| >=0 <0.10.0~dfsg-3+deb11u1	0.10.0~dfsg-3+deb11u1
npm	forge	>=0 <1.3.0	2.1.0
rpm rhel8	pcs	-	-

Aliases

1. CVE-2022-247722. NVD-2022-247723. OSV-2022-247724. OSV-DEBIAN-2022-247725. GHSA-x4jg-mjrx-434g6. GCVE-2022-247727. SECURITY-TRACKER-CVE-2022-247728. GHSA-x4jg-mjrx-434g

References

1. https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g2. https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df13. https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2