CVE-2022-24773
RSA PKCS#1 v1.5 Signature Verification vulnerability in node-forge (npm)


What is CVE-2022-24773 About?

This vulnerability in RSA PKCS#1 v1.5 signature verification allows for successful validation of signatures with malformed ASN.1 structures. This enables an attacker to forge signatures if they can craft an invalid structure containing a valid digest. Exploitation is complex, requiring specific cryptographic knowledge.

Affected Software

node-forge <1.3.0

Technical Details

The node-forge library's RSA PKCS#1 v1.5 signature verification code fails to properly check the DigestInfo structure for correct ASN.1 formatting. DigestInfo is a critical component in PKCS#1 v1.5 signatures that encapsulates the digest algorithm identifier and the message digest. Due to this oversight, signatures that contain an invalid ASN.1 structure in the DigestInfo block but still embed a correctly calculated digest can be erroneously validated as legitimate. This allows an attacker to manipulate the outer structure of a signature without altering the critical digest value, potentially bypassing signature validation checks.

What is the Impact of CVE-2022-24773?

Successful exploitation may allow attackers to forge valid cryptographic signatures, potentially leading to unauthorized data manipulation, impersonation, or bypass of integrity checks in systems relying on RSA PKCS#1 v1.5 signatures.

What is the Exploitability of CVE-2022-24773?

Exploitation is highly complex, requiring an in-depth understanding of cryptographic primitives, ASN.1 encoding, and the specific implementation details of the vulnerable signature verification process. There are no direct authentication or privilege requirements for the act of signature verification itself; the vulnerability lies in how systems validate data. Access to a system that verifies RSA PKCS#1 v1.5 signatures is needed, typically through submitting malicious signed data. No special conditions beyond the faulty implementation are required, but crafting a suitable malicious signature is difficult. The risk factors increasing exploitation likelihood include widespread use of the vulnerable library version or scenarios where attackers can frequently submit signed data for validation.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2022-24773?

A Fix by Resolved Security Exists!
Fix open-source vulnerabilities without upgrading your dependencies.

About the Fix from Resolved Security

This patch ensures that all DER bytes in the RSA signature's ASN.1 DigestInfo structure are parsed without any unprocessed trailing data, and strictly validates the expected ASN.1 structure and allowed algorithms. This defends against the Bleichenbacher padding oracle attack (CVE-2022-24773) by preventing attackers from exploiting lax parsing or structural acceptance to forge message signatures.

Available Upgrade Options

  • node-forge
    • <1.3.0 → Upgrade to 1.3.0


Additional Resources

What are Similar Vulnerabilities to CVE-2022-24773?

Similar Vulnerabilities: CVE-2006-4339, CVE-2017-1000358, CVE-2020-14901, CVE-2015-7575, CVE-2019-14867