CVE-2022-24771

Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.3.0

Description The issue concerns the RSA PKCS#1 v1.5 signature verification code in node-forge, which is lenient in checking the digest algorithm structure. This leniency can allow a crafted structure to steal padding bytes and use the unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used.

Recommendations For versions prior to 1.3.0, update to version 1.3.0 to address the issue. As a temporary workaround, consider restricting the use of low public exponents in RSA signatures until the update is applied.