CVE-2022-24884

Trivial signature forgery in ecdsautils

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.

ecdsautils es una pequeña colección de programas usados para ECDSA (keygen, sign, verify). "ecdsa_verify_[prepare_]legacy()" no comprueba si los valores de la firma "r" y "s" son distintos de cero. Una firma formada sólo por ceros se considera siempre válida, lo que hace trivial la falsificación de firmas. Requerir múltiples firmas de diferentes claves públicas no mitiga el problema: "ecdsa_verify_list_legacy()" aceptará un número arbitrario de tales firmas falsificadas. Tanto el comando CLI "ecdsautil verify" como la biblioteca libecdsautil están afectados. El problema ha sido corregido en ecdsautils versión 0.4.1. Todas las versiones anteriores de ecdsautils (incluidas las versiones anteriores a la división en una biblioteca y una utilidad CLI) son vulnerables

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-02-10 CVE Reserved
2022-05-05 CVE Published
2024-08-03 CVE Updated
2024-11-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-347: Improper Verification of Cryptographic Signature

CAPEC

References (8)

URL	Tag	Source
https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00007.html	Mailing List

URL	Date	SRC

URL	Date	SRC
https://github.com/freifunk-gluon/ecdsautils/commit/1d4b091abdf15ad7b2312535b5b95ad70f6dbd08	2023-11-07
https://github.com/freifunk-gluon/ecdsautils/commit/39b6d0a77414fd41614953a0e185c4eefa2f88ad	2023-11-07

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AKQH5WCBMJA3ODCSNERY6HVX4BX3ITG	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2JT57AAFIEL7JDO2ZBV25JKYME5NU54	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7UBR3M4U3LA46BHXYSH7EN5GDG44GK7	2023-11-07
https://www.debian.org/security/2022/dsa-5132	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ecdsautils Project Search vendor "Ecdsautils Project"		Ecdsautils Search vendor "Ecdsautils Project" for product "Ecdsautils"				< 0.4.1 Search vendor "Ecdsautils Project" for product "Ecdsautils" and version " < 0.4.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				36 Search vendor "Fedoraproject" for product "Fedora" and version "36"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0"		-		Affected