CVE-2022-24772

Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.3.0

Description The issue concerns the RSA PKCS#1 v1.5 signature verification code in node-forge, which does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used.

Recommendations For versions prior to 1.3.0, update to version 1.3.0 to address the issue. As a temporary workaround, consider restricting the use of low public exponents in RSA signatures until the update is applied.