Platform: nodejs
Component: node-forge
Fixed in: 1.3.0
CVE-2022-24771 describes a vulnerability in the node-forge package related to RSA PKCS#1 v1.5 signature verification. The code's lenient checking of the digest algorithm structure allows a crafted structure to steal padding bytes and forge a signature, particularly when a low public exponent is used. This issue affects node-forge versions prior to 1.3.0. The vulnerability is addressed in node-forge version 1.3.0.
CVE-2022-24771 affects the node-forge library, specifically the RSA PKCS#1 v1.5 signature verification code. The vulnerability lies in a lenient check of the digest algorithm structure. This allows a crafted structure to steal padding bytes and use an unverified portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The risk is significant for applications relying on node-forge for RSA signature verification and utilizing configurations with small public exponents.
Exploitation of this vulnerability requires an attacker with knowledge of PKCS#1 signature structures and the ability to send malicious data to the system using node-forge for verification. Success depends on the specific system configuration, including the public exponent used in the RSA keys. A small public exponent increases the likelihood of successful exploitation. The complexity of the attack lies in constructing a carefully crafted signature structure to deceive the verifier.
Exploit Status
EPSS: 0.14% (35th percentile)
CVSS Vector
The solution to this vulnerability is to update the node-forge library to version 1.3.0 or higher. This version corrects the digest algorithm structure verification, preventing padding manipulation and signature forgery. Upgrading to the latest stable version of node-forge is strongly recommended to mitigate this risk. Additionally, review code utilizing node-forge to ensure secure public exponents are used and that best practices for key and signature management are followed.
Update to node-forge version 1.3.0 or higher to mitigate the vulnerability. This update corrects the improper verification of the cryptographic signature, preventing signature forgery under certain conditions.
PKCS#1 v1.5 is a standard for the format of RSA messages. It defines how messages should be encoded and padded before being signed or decrypted with RSA.
The public exponent is a key component of the RSA key. A small public exponent can make the signature more vulnerable to attacks like this, as it facilitates the calculation of a forged signature.
If immediate updating is not possible, consider implementing additional mitigation measures, such as using larger public exponents and rigorous signature validation.
Currently, there are no specific tools to detect this vulnerability. However, a thorough code review is recommended to identify any insecure usage of node-forge.
"KEV: no" indicates that this vulnerability has not been included in the Vulnerability Knowledgebase of the community.