// For flags

CVE-2021-25636

Incorrect trust validation of signature with ambiguous KeyInfo children

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

LibreOffice soporta firmas digitales de documentos ODF y macros dentro de documentos, presentando ayudas visuales de que no ha sido producido ninguna alteración del documento desde la última firma y que la firma es válida. Una vulnerabilidad de comprobación inapropiada de certificados en LibreOffice permitía a un atacante crear un documento ODF firmado digitalmente, manipulando el flujo documentsignatures.xml o macrosignatures.xml dentro del documento para que contuviera los hijos "X509Data" y "KeyValue" de la etiqueta "KeyInfo", que cuando era abierta causaba que LibreOffice verificara usando el "KeyValue" pero informara de la verificación con el valor "X509Data" no relacionado. Este problema afecta a: Document Foundation LibreOffice versiones 7.2 anteriores a 7.2.5

A improper certificate validation flaw was found in LibreOffice allowing an attacker to manipulate a digitally signed ODF document to appear that no alteration of the document occurred since the last signing and that the signature is valid.

*Credits: Thanks to NDS of Ruhr University Bochum for discovering and reporting this problem.
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-19 CVE Reserved
  • 2022-02-22 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-09-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-295: Improper Certificate Validation
  • CWE-347: Improper Verification of Cryptographic Signature
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libreoffice
Search vendor "Libreoffice"
 Libreoffice
Search vendor "Libreoffice" for product "Libreoffice"
 >= 7.2.0 < 7.2.5
Search vendor "Libreoffice" for product "Libreoffice" and version " >= 7.2.0 < 7.2.5"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected