@@ -15,6 +15,8 @@ Forge ChangeLog
1515[ "Bleichenbacher's RSA signature forgery based on implementation
1616 error"] ( https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/ )
1717 by Hal Finney.
18+ - CVE ID:[ CVE-2022 -24771] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771 )
19+ - GHSA ID:[ GHSA-cfm4 -qjh2-4765] ( https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765 )
1820- ** HIGH** : Failing to check tailing garbage bytes can lead to signature
1921 forgery.
2022- The code does not check for tailing garbage bytes after decoding a
@@ -24,10 +26,14 @@ Forge ChangeLog
2426 signature forgery based on implementation
2527 error"] ( https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/ )
2628 by Hal Finney.
29+ - CVE ID:[ CVE-2022 -24772] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772 )
30+ - GHSA ID:[ GHSA-x4jg -mjrx-434g] ( https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g )
2731- ** MEDIUM** : Leniency in checking type octet.
2832- ` DigestInfo ` is not properly checked for proper ASN.1 structure. This can
2933 lead to successful verification with signatures that contain invalid
3034 structures but a valid digest.
35+ - CVE ID:[ CVE-2022 -24773] ( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773 )
36+ - GHSA ID:[ GHSA-2r2c -g63r-vccr] ( https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr )
3137
3238###Fixed
3339- [ asn1] Add fallback to pretty print invalid UTF8 data.