2067458 – (CVE-2022-24772) CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery

Bug 2067458 (CVE-2022-24772) - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery

Summary: CVE-2022-24772 node-forge: Signature verification failing to check tailing ga...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-24772
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2069018 2069017 2069019 2069020 2069021 2069022 2069023 2069024 2069025 2069026 2069218 2069219 2069220 2069605 2069606 2069607 2078885 2078886 2078887 2102578
Blocks:	2067462
TreeView+	depends on / blocked

Reported:	2022-03-23 20:38 UTC by Pedro Sampaio
Modified:	2024-03-19 12:55 UTC (History)
CC List:	107 users (show)
Fixed In Version:	node-forge 1.3.0
Clone Of:
Environment:
Last Closed:	2022-05-06 00:45:20 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:1681	None	None	None	2022-05-03 16:43:47 UTC
Red Hat Product Errata	RHSA-2022:1739	None	None	None	2022-05-05 18:03:06 UTC
Red Hat Product Errata	RHSA-2022:6156	None	None	None	2022-08-24 13:47:23 UTC
Red Hat Product Errata	RHSA-2022:6813	None	None	None	2022-10-05 10:46:09 UTC
Red Hat Product Errata	RHSA-2022:6835	None	None	None	2022-10-06 12:27:56 UTC

Description Pedro Sampaio 2022-03-23 20:38:01 UTC

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.

https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g

Comment 3 Avinash Hanwate 2022-03-28 04:41:50 UTC

Created cockatrice tracking bugs for this issue:

Affects: fedora-all [bug 2069020]


Created couchdb tracking bugs for this issue:

Affects: fedora-all [bug 2069021]


Created dotnet3.1 tracking bugs for this issue:

Affects: fedora-all [bug 2069017]


Created golang-ariga-atlas tracking bugs for this issue:

Affects: fedora-all [bug 2069022]


Created golang-github-prometheus tracking bugs for this issue:

Affects: epel-all [bug 2069018]


Created golang-vitess tracking bugs for this issue:

Affects: fedora-all [bug 2069023]


Created grpc tracking bugs for this issue:

Affects: fedora-all [bug 2069024]


Created openvas-gsa tracking bugs for this issue:

Affects: fedora-all [bug 2069025]


Created zuul tracking bugs for this issue:

Affects: fedora-all [bug 2069026]

Comment 10 errata-xmlrpc 2022-05-03 16:43:41 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8

Via RHSA-2022:1681 https://access.redhat.com/errata/RHSA-2022:1681

Comment 11 errata-xmlrpc 2022-05-05 18:03:00 UTC

This issue has been addressed in the following products:

  OpenShift Service Mesh 2.1

Via RHSA-2022:1739 https://access.redhat.com/errata/RHSA-2022:1739

Comment 12 Product Security DevOps Team 2022-05-06 00:45:14 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-24772

Comment 14 errata-xmlrpc 2022-08-24 13:47:17 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Data Foundation 4.11 on RHEL8

Via RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156

Comment 15 errata-xmlrpc 2022-10-05 10:46:04 UTC

This issue has been addressed in the following products:

  RHPAM 7.13.1 async

Via RHSA-2022:6813 https://access.redhat.com/errata/RHSA-2022:6813

Comment 16 errata-xmlrpc 2022-10-06 12:27:50 UTC

This issue has been addressed in the following products:

  RHINT Service Registry 2.3.0 GA

Via RHSA-2022:6835 https://access.redhat.com/errata/RHSA-2022:6835

Note You need to log in before you can comment on or make changes to this bug.

aileenc
alazarot
amackenz
amasferr
amctagga
andrew.slice
anstephe
aos-bugs
bdettelb
bodavis
caswilli
cfeist
chazlett
cheese
cluster-maint
crummel
dan.cermak
dbhole
dotnet-packagers
drieden
eclipseo
ellin
emingora
eric.wittmann
etamir
etirelli
extras-orphan
fboucher
fjansen
francisco.vergarat
gmalinko
go-sig
gparvin
harold
hbraun
huzaifas
ibek
idevat
janstey
jkoehler
jnethert
jochrist
jramanat
jrokos
jross
jschatte
jstastny
jwendell
jwong
jwon
kanderso
kaycoth
kmalyjur
krathod
kverlaen
lemenkov
link
lvaleeva
mail
micjohns
mkudlej
mlisik
mnovotny
mpospisi
mwringe
nbecker
nboldt
njean
ocs-bugs
omajid
omular
openstack-sig
oskutka
ovanders
pabelanger
pahickey
pantinor
pdelbell
pjindal
ploffay
psegedy
rareddy
rcernich
rebus
rfreiman
rgarg
rgodfrey
rguimara
rjanekov
rrajasek
rwagner
scorneli
shbose
stcannon
sthirugn
stjepan.gros
tcarlin
tjochec
tkasparek
tojeline
tsasak
twalsh
tzimanyi
ubhargav
vkrizan
vmugicag
xavier