2067461 – (CVE-2022-24773) CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure

Bug 2067461 (CVE-2022-24773) - CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure

Summary: CVE-2022-24773 node-forge: Signature verification leniency in checking `Diges...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-24773
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2069036 2069027 2069028 2069029 2069030 2069031 2069032 2069033 2069034 2069035 2069223 2069225 2069226 2069608 2069609 2069611 2078888 2078889 2078890 2102577
Blocks:	2067462
TreeView+	depends on / blocked

Reported:	2022-03-23 20:54 UTC by Pedro Sampaio
Modified:	2024-03-19 13:36 UTC (History)
CC List:	107 users (show)
Fixed In Version:	node-forge 1.3.0
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the node-forge library when verifying the signature on the ASN.1 structure in RSA PKCS#1 v1.5. This flaw allows an attacker to obtain successful verification for invalid DigestInfo structure, affecting the integrity of the attacked resource.
Clone Of:
Environment:
Last Closed:	2022-05-06 00:46:17 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:1681	None	None	None	2022-05-03 16:43:51 UTC
Red Hat Product Errata	RHSA-2022:1739	None	None	None	2022-05-05 18:03:11 UTC
Red Hat Product Errata	RHSA-2022:6156	None	None	None	2022-08-24 13:47:27 UTC
Red Hat Product Errata	RHSA-2022:6835	None	None	None	2022-10-06 12:28:04 UTC

Description Pedro Sampaio 2022-03-23 20:54:55 UTC

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.

https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2

Comment 3 Avinash Hanwate 2022-03-28 04:43:26 UTC

Created cockatrice tracking bugs for this issue:

Affects: fedora-all [bug 2069028]


Created couchdb tracking bugs for this issue:

Affects: fedora-all [bug 2069030]


Created dotnet3.1 tracking bugs for this issue:

Affects: fedora-all [bug 2069027]


Created golang-ariga-atlas tracking bugs for this issue:

Affects: fedora-all [bug 2069031]


Created golang-github-prometheus tracking bugs for this issue:

Affects: epel-all [bug 2069036]


Created golang-vitess tracking bugs for this issue:

Affects: fedora-all [bug 2069032]


Created grpc tracking bugs for this issue:

Affects: fedora-all [bug 2069033]


Created openvas-gsa tracking bugs for this issue:

Affects: fedora-all [bug 2069034]


Created zuul tracking bugs for this issue:

Affects: fedora-all [bug 2069035]

Comment 10 errata-xmlrpc 2022-05-03 16:43:45 UTC

This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8

Via RHSA-2022:1681 https://access.redhat.com/errata/RHSA-2022:1681

Comment 11 errata-xmlrpc 2022-05-05 18:03:05 UTC

This issue has been addressed in the following products:

  OpenShift Service Mesh 2.1

Via RHSA-2022:1739 https://access.redhat.com/errata/RHSA-2022:1739

Comment 12 Product Security DevOps Team 2022-05-06 00:46:11 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-24773

Comment 14 errata-xmlrpc 2022-08-24 13:47:23 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Data Foundation 4.11 on RHEL8

Via RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156

Comment 15 errata-xmlrpc 2022-10-06 12:27:58 UTC

This issue has been addressed in the following products:

  RHINT Service Registry 2.3.0 GA

Via RHSA-2022:6835 https://access.redhat.com/errata/RHSA-2022:6835

Note You need to log in before you can comment on or make changes to this bug.

aileenc
alazarot
amackenz
amasferr
amctagga
andrew.slice
anstephe
aos-bugs
bdettelb
bodavis
caswilli
cfeist
chazlett
cheese
cluster-maint
crummel
dan.cermak
dbhole
dotnet-packagers
drieden
ellin
emingora
eric.wittmann
etamir
etirelli
extras-orphan
fboucher
fjansen
francisco.vergarat
gmalinko
go-sig
gparvin
harold
hbraun
huzaifas
ibek
idevat
janstey
jkoehler
jnethert
jochrist
jramanat
jrokos
jross
jschatte
jstastny
jwendell
jwong
jwon
kanderso
kaycoth
kmalyjur
krathod
kverlaen
lemenkov
link
lvaleeva
mail
micjohns
mkudlej
mlisik
mnovotny
mpospisi
mwringe
nbecker
nboldt
njean
ocs-bugs
omajid
omular
openstack-sig
oskutka
ovanders
pabelanger
pahickey
pantinor
pdelbell
pjindal
ploffay
psegedy
rareddy
rcernich
rebus
rfreiman
rgarg
rgodfrey
rguimara
rjanekov
rrajasek
rwagner
scorneli
shbose
stcannon
sthirugn
stjepan.gros
tcarlin
tjochec
tkasparek
tojeline
tsasak
twalsh
tzimanyi
ubhargav
vkrizan
vmugicag
xavier
zebob.m