RSA PKCS#1 v1.5 signature verification code is not properly checking DigestInfo
for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest.
The issue has been addressed in node-forge
1.3.0
.
If you have any questions or comments about this advisory: * Open an issue in forge * Email us at example email address
{ "nvd_published_at": "2022-03-18T14:15:00Z", "github_reviewed_at": "2022-03-18T23:10:48Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-347" ] }