QwikSec

Security Database

CVE

CWE

Training

CVE-2015-9258

Published: Mar 31, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://docs.docker.com/notary/changelog/

x_refsource_MISC

https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.