Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is a variant of CVE-2006-4340.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
axTLS ‘sig_verify()’函数安全漏洞
Vulnerability Description
axTLS是一款高度可配置的客户端/服务器TLS(安全传输层协议)库。 axTLS 2.1.3及之前的版本中的x509.c文件的‘sig_verify()’函数存在安全漏洞,该漏洞源于PKCS#1 v1.5版本数字签名验证没有拒收多余的数据。远程攻击者可利用该漏洞伪造数字签名。
CVSS Information
N/A
Vulnerability Type
N/A