CVE-2019-11841
published 2019-05-22CVE-2019-11841: A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP…
PriorityP433medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
EPSS
2.00%
78.3th percentile
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text to cleartext messages without invalidating the signatures.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | golang-go.crypto | < golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bookworm) | golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bookworm) |
| golang.org | x_crypto | >= 0 < 0.0.0-20190424203555-c05e17bb3b2d | 0.0.0-20190424203555-c05e17bb3b2d |
| golang | crypto | — | — |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv5.9MEDIUM
vendor_debian5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Cleartext Signed Message Signature Spoofing in openpgp
ghsa·2023-08-29
CVE-2023-41037 [MEDIUM] CWE-347 Cleartext Signed Message Signature Spoofing in openpgp
Cleartext Signed Message Signature Spoofing in openpgp
### Impact
OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools:
```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This text is signed.
-----BEGIN PGP SIGNATURE-----
wnUEARMIACcFgmTkrNAJkInXCgj0fgcIFiEE1JlKzzDGQxZmmHkYidcKCPR+
BwgAAKXDAQDWGhI7tPbhB+jlKwe4+yPJ+9X8aWDUG60XFNi/w8T7ZgEAsAGd
WJrkm/H5AXGZsqyqqO6IWGF0geTCd4mWm/CsveM=
-----END PGP SIGNATURE-----
```
These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest.
OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleart
OSV
Cleartext Signed Message Signature Spoofing in openpgp
osv·2023-08-29
CVE-2023-41037 [MEDIUM] Cleartext Signed Message Signature Spoofing in openpgp
Cleartext Signed Message Signature Spoofing in openpgp
### Impact
OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools:
```
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This text is signed.
-----BEGIN PGP SIGNATURE-----
wnUEARMIACcFgmTkrNAJkInXCgj0fgcIFiEE1JlKzzDGQxZmmHkYidcKCPR+
BwgAAKXDAQDWGhI7tPbhB+jlKwe4+yPJ+9X8aWDUG60XFNi/w8T7ZgEAsAGd
WJrkm/H5AXGZsqyqqO6IWGF0geTCd4mWm/CsveM=
-----END PGP SIGNATURE-----
```
These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest.
OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleart
OSV
Misleading message verification in golang.org/x/crypto/openpgp/clearsign
osv·2023-08-23
CVE-2019-11841 Misleading message verification in golang.org/x/crypto/openpgp/clearsign
Misleading message verification in golang.org/x/crypto/openpgp/clearsign
The clearsign package accepts some malformed messages, making it possible for an attacker to trick a human user (but not a Go program) into thinking unverified text is part of the message.
With fix, messages with malformed headers in the SIGNED MESSAGE section are rejected.
OSV
Golang/x/crypto message forgery vulnerability
osv·2022-05-24
CVE-2019-11841 [MEDIUM] Golang/x/crypto message forgery vulnerability
Golang/x/crypto message forgery vulnerability
A message-forgery issue was discovered in `crypto/openpgp/clearsign/clearsign.go` in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrar
GHSA
Golang/x/crypto message forgery vulnerability
ghsa·2022-05-24
CVE-2019-11841 [MEDIUM] CWE-347 Golang/x/crypto message forgery vulnerability
Golang/x/crypto message forgery vulnerability
A message-forgery issue was discovered in `crypto/openpgp/clearsign/clearsign.go` in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrar
OSV
CVE-2019-11841: A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign
osv·2019-05-22·CVSS 5.9
CVE-2019-11841 [MEDIUM] CVE-2019-11841: A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text
Debian
CVE-2019-11841: golang-go.crypto - A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go ...
vendor_debian·2019·CVSS 5.9
CVE-2019-11841 [MEDIUM] CVE-2019-11841: golang-go.crypto - A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go ...
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The "Hash" Armor Header specifies the message digest algorithm(s) used for the signature. However, the Go clearsign package ignores the value of this header, which allows an attacker to spoof it. Consequently, an attacker can lead a victim to believe the signature was generated using a different message digest algorithm than what was actually used. Moreover, since the library skips Armor Header parsing in general, an attacker can not only embed arbitrary Armor Headers, but also prepend arbitrary text
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.htmlhttps://go.googlesource.com/crypto/https://lists.debian.org/debian-lts-announce/2019/09/msg00011.htmlhttps://lists.debian.org/debian-lts-announce/2020/10/msg00014.htmlhttps://lists.debian.org/debian-lts-announce/2023/06/msg00017.htmlhttps://sec-consult.com/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841/http://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.htmlhttps://go.googlesource.com/crypto/https://lists.debian.org/debian-lts-announce/2019/09/msg00011.htmlhttps://lists.debian.org/debian-lts-announce/2020/10/msg00014.htmlhttps://lists.debian.org/debian-lts-announce/2023/06/msg00017.htmlhttps://sec-consult.com/https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841/
2019-05-22
Published